[*] Binary protection state of start_wps
Full RELRO | Canary found | NX disabled | No PIE | No RPATH | No RUNPATH | No Symbols
[*] Function printf tear down of start_wps
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/start_wps @ 0x407e80 */
| #include <stdint.h>
|
; create_pidfile(char const *path) -- MIPS PIC code; radare2 disassembly on the
; left of each '|', r2dec pseudo-C on the right.
; Opens the file named by a0, requests a lock on it with fcntl64, then
; truncates it, writes getpid() as text and closes the descriptor.
; In:    a0 = path, spilled to 0x1c(fp).
; Out:   v0 = value of 0x20(fp): preset to -1, set to 0 only after the write.
;        r2dec prints "return v1"; v1 only holds the saved guard word here.
; Frame: 0x80 bytes. 0x24(fp) = fd, 0x28(fp).. = lock request,
;        0x4c(fp).. = 0x28-byte text buffer, 0x74(fp) = stack-guard copy.
; (fcn) sym.create_pidfile_char_const_ () | void create_pidfile_char_const_ () {
| /* create_pidfile(char const*) */
0x00407e80 lui gp, 2 |
0x00407e84 addiu gp, gp, -0x3e60 |
0x00407e88 addu gp, gp, t9 | gp += t9;
0x00407e8c addiu sp, sp, -0x80 |
0x00407e90 sw ra, 0x7c(sp) | *(var_7ch) = ra;
0x00407e94 sw fp, 0x78(sp) | *(var_78h) = fp;
0x00407e98 move fp, sp | fp = sp;
0x00407e9c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00407ea0 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
; Load the stack-guard word and keep a copy at 0x74(fp); it is compared again
; before the epilogue (see the __stack_chk_fail call near the end).
0x00407ea4 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00407ea8 lw t8, (t8) | t8 = *(t8);
0x00407eac sw t8, 0x74(fp) | *(arg_74h) = t8;
; open64(path, 0x102, 0x1a4). Mode 0x1a4 is octal 0644. Flags 0x102 are
; presumably O_RDWR|O_CREAT with the MIPS Linux values -- confirm against the
; target headers.
; NOTE(review): if that reading is right there is no O_EXCL/O_NOFOLLOW, so a
; symlink already present at path is followed and the ftruncate64 below would
; empty its target. This matters only when the pidfile directory is writable
; by a less-privileged user; check the path the caller passes.
0x00407eb0 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x00407eb4 addiu a1, zero, 0x102 | a1 = 0x102;
0x00407eb8 addiu a2, zero, 0x1a4 | a2 = 0x1a4;
0x00407ebc lw t8, -0x7f14(gp) | t8 = sym.imp.open64;
0x00407ec0 move t9, t8 | t9 = t8;
0x00407ec4 jalr t9 | t9 ();
0x00407ec8 nop |
0x00407ecc lw gp, 0x10(fp) | gp = *(arg_10h);
; fd -> 0x24(fp); the function result at 0x20(fp) starts as -1.
0x00407ed0 move t8, v0 | t8 = v0;
0x00407ed4 sw t8, 0x24(fp) | *(arg_24h) = t8;
0x00407ed8 addiu t8, zero, -1 | t8 = -1;
0x00407edc sw t8, 0x20(fp) | *(arg_20h) = t8;
0x00407ee0 lw t8, 0x24(fp) | t8 = *(arg_24h);
| if (t8 < 0) {
; fd >= 0 skips the error path; otherwise perror(str.open) and return -1
; without calling close.
0x00407ee4 bgez t8, 0x407f10 |
0x00407ee8 nop |
0x00407eec lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.open */
0x00407ef0 addiu a0, t8, -0x5928 | a0 = t8 + -0x5928;
0x00407ef4 lw t8, -0x7ee4(gp) | t8 = sym.imp.perror;
0x00407ef8 move t9, t8 | t9 = t8;
0x00407efc jalr t9 | t9 ();
0x00407f00 nop |
0x00407f04 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00407f08 b 0x4080d4 | goto label_0;
0x00407f0c nop |
| }
; Build the lock request at 0x28(fp): halfword 1 at +0, halfword 0 at +2,
; and two zeroed 64-bit fields at +8 and +0x10. Presumably a struct flock64
; with l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0 -- confirm.
0x00407f10 addiu t8, zero, 1 | t8 = 1;
0x00407f14 sh t8, 0x28(fp) | *(arg_28h) = t8;
0x00407f18 move t8, zero | t8 = 0;
0x00407f1c move t9, zero | t9 = 0;
0x00407f20 sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00407f24 sw t9, 0x34(fp) | *(arg_34h) = t9;
0x00407f28 sh zero, 0x2a(fp) | *(arg_2ah) = 0;
0x00407f2c move t8, zero | t8 = 0;
0x00407f30 move t9, zero | t9 = 0;
0x00407f34 sw t8, 0x38(fp) | *(arg_38h) = t8;
0x00407f38 sw t9, 0x3c(fp) | *(arg_3ch) = t9;
; fcntl64(fd, 0x22, &request). Command 0x22 is presumably F_SETLK64
; (non-blocking lock request) on MIPS Linux -- confirm.
0x00407f3c addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00407f40 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00407f44 addiu a1, zero, 0x22 | a1 = 0x22;
0x00407f48 move a2, t8 | a2 = t8;
0x00407f4c lw t8, -0x7e1c(gp) | t8 = sym.imp.fcntl64;
0x00407f50 move t9, t8 | t9 = t8;
0x00407f54 jalr t9 | t9 ();
0x00407f58 nop |
0x00407f5c lw gp, 0x10(fp) | gp = *(arg_10h);
; srl by 31 isolates the sign bit, so the block below runs only when fcntl64
; returned a negative value.
0x00407f60 move t8, v0 | t8 = v0;
0x00407f64 srl t8, t8, 0x1f | t8 >>= 0x1f;
0x00407f68 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00407f6c beqz t8, 0x408010 |
0x00407f70 nop |
; errno == 0xd or errno == 0xb (presumably EACCES / EAGAIN) prints
; str.Program_already_exists.; any other errno prints str.Unable_to_lock__s_n
; with the path. Both paths go to label_2 (close) and return -1.
0x00407f74 lw t8, -0x7e14(gp) | t8 = sym.imp.__errno_location;
0x00407f78 move t9, t8 | t9 = t8;
0x00407f7c jalr t9 | t9 ();
0x00407f80 nop |
0x00407f84 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00407f88 move t8, v0 | t8 = v0;
0x00407f8c lw v0, (t8) | v0 = *(t8);
0x00407f90 addiu t8, zero, 0xd | t8 = 0xd;
| if (v0 != t8) {
0x00407f94 beq v0, t8, 0x407fc4 |
0x00407f98 nop |
0x00407f9c lw t8, -0x7e14(gp) | t8 = sym.imp.__errno_location;
0x00407fa0 move t9, t8 | t9 = t8;
0x00407fa4 jalr t9 | t9 ();
0x00407fa8 nop |
0x00407fac lw gp, 0x10(fp) | gp = *(arg_10h);
0x00407fb0 move t8, v0 | t8 = v0;
0x00407fb4 lw v0, (t8) | v0 = *(t8);
0x00407fb8 addiu t8, zero, 0xb | t8 = 0xb;
| if (v0 != t8) {
0x00407fbc bne v0, t8, 0x407fe8 | goto label_1;
| }
0x00407fc0 nop |
| }
0x00407fc4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.Program_already_exists. */
0x00407fc8 addiu a0, t8, -0x5920 | a0 = t8 + -0x5920;
0x00407fcc lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00407fd0 move t9, t8 | t9 = t8;
0x00407fd4 jalr t9 | t9 ();
0x00407fd8 nop |
0x00407fdc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00407fe0 b 0x4080bc | goto label_2;
0x00407fe4 nop |
| label_1:
0x00407fe8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.Unable_to_lock__s_n */
0x00407fec addiu a0, t8, -0x5908 | a0 = t8 + -0x5908;
0x00407ff0 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x00407ff4 lw t8, -0x7f30(gp) | t8 = sym.imp.printf
0x00407ff8 move t9, t8 | t9 = t8;
0x00407ffc jalr t9 | t9 ();
0x00408000 nop |
0x00408004 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00408008 b 0x4080bc | goto label_2;
0x0040800c nop |
| }
; Lock obtained: snprintf(buf at 0x4c(fp), 0x28, str._ld_n, getpid()).
0x00408010 lw t8, -0x7e90(gp) | t8 = sym.imp.getpid;
0x00408014 move t9, t8 | t9 = t8;
0x00408018 jalr t9 | t9 ();
0x0040801c nop |
0x00408020 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00408024 move t8, v0 | t8 = v0;
0x00408028 addiu v0, fp, 0x4c | v0 = fp + 0x4c;
0x0040802c move a0, v0 | a0 = v0;
0x00408030 addiu a1, zero, 0x28 | a1 = 0x28;
0x00408034 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str._ld_n */
0x00408038 addiu a2, v0, -0x58f4 | a2 = v0 + -0x58f4;
0x0040803c move a3, t8 | a3 = t8;
0x00408040 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00408044 move t9, t8 | t9 = t8;
0x00408048 jalr t9 | t9 ();
0x0040804c nop |
0x00408050 lw gp, 0x10(fp) | gp = *(arg_10h);
; ftruncate64(fd, 0): a2 and a3 are both zeroed, presumably the register pair
; carrying the 64-bit length. v0 is not read after this call, nor after the
; snprintf above or the write below, so a failed or short write still yields 0.
0x00408054 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00408058 move a2, zero | a2 = 0;
0x0040805c move a3, zero | a3 = 0;
0x00408060 lw t8, -0x7f44(gp) | t8 = sym.imp.ftruncate64;
0x00408064 move t9, t8 | t9 = t8;
0x00408068 jalr t9 | t9 ();
0x0040806c nop |
0x00408070 lw gp, 0x10(fp) | gp = *(arg_10h);
; write(fd, buf, strlen(buf))
0x00408074 addiu t8, fp, 0x4c | t8 = fp + 0x4c;
0x00408078 move a0, t8 | a0 = t8;
0x0040807c lw t8, -0x7e5c(gp) | t8 = sym.imp.strlen;
0x00408080 move t9, t8 | t9 = t8;
0x00408084 jalr t9 | t9 ();
0x00408088 nop |
0x0040808c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00408090 move t8, v0 | t8 = v0;
0x00408094 addiu v0, fp, 0x4c | v0 = fp + 0x4c;
0x00408098 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x0040809c move a1, v0 | a1 = v0;
0x004080a0 move a2, t8 | a2 = t8;
0x004080a4 lw t8, -0x7ebc(gp) | t8 = sym.imp.write;
0x004080a8 move t9, t8 | t9 = t8;
0x004080ac jalr t9 | t9 ();
0x004080b0 nop |
0x004080b4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004080b8 sw zero, 0x20(fp) | *(arg_20h) = 0;
| label_2:
; The success path falls through to this close(fd) as well.
; NOTE(review): if the fcntl64 request above is a POSIX record lock, closing
; the descriptor releases it, so the lock guards only the write and does not
; persist after return -- confirm that no caller relies on it to stay held.
0x004080bc lw a0, 0x24(fp) | a0 = *(arg_24h);
0x004080c0 lw t8, -0x7ecc(gp) | t8 = sym.imp.close;
0x004080c4 move t9, t8 | t9 = t8;
0x004080c8 jalr t9 | t9 ();
0x004080cc nop |
0x004080d0 lw gp, 0x10(fp) | gp = *(arg_10h);
| label_0:
; v0 = result from 0x20(fp); then compare the saved guard copy with the live
; guard word and call __stack_chk_fail on mismatch.
0x004080d4 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x004080d8 move v0, t8 | v0 = t8;
0x004080dc lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x004080e0 lw v1, 0x74(fp) | v1 = *(arg_74h);
0x004080e4 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x004080e8 beq v1, t8, 0x408100 |
0x004080ec nop |
0x004080f0 lw t8, -0x7ea8(gp) | t8 = sym.imp.__stack_chk_fail;
0x004080f4 move t9, t8 | t9 = t8;
0x004080f8 jalr t9 | t9 ();
0x004080fc nop |
| }
0x00408100 move sp, fp |
0x00408104 lw ra, 0x7c(sp) | ra = *(var_7ch);
0x00408108 lw fp, 0x78(sp) | fp = *(var_78h);
0x0040810c addiu sp, sp, 0x80 |
0x00408110 jr ra | return v1;
0x00408114 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/start_wps @ 0x4065ec */
| #include <stdint.h>
|
; mtk_get_wsc_status(int, char const*, int*) -- MIPS PIC code; radare2
; disassembly on the left of each '|', r2dec pseudo-C on the right.
; Issues ioctl 0x8be1 on the descriptor in a0, stores the returned status word
; through a2 and prints a status string chosen from two tables on the stack.
; In:    a0 -> 0x24(fp), used as the ioctl descriptor
;        a1 -> 0x20(fp), 16 bytes are copied from it (presumably the
;              interface name -- confirm at the call sites)
;        a2 -> 0x1c(fp), receives the status word
; Out:   v0 = 0 after printing, -1 if ioctl returns a negative value.
;        r2dec prints "return v1"; v1 only holds the saved guard word here.
; Frame: 0xea8 bytes.
;        0x28(fp)          4-byte status word filled in by the ioctl
;        0x2c..0x43(fp)    request: 16-byte name, pointer, two halfwords
;        0x4c..0x3cb(fp)   0x380-byte table (14 rows of 0x40 bytes)
;        0x3cc..0xe8b(fp)  0xac0-byte table (43 rows of 0x40 bytes)
;        0xe8c..0xe9b(fp)  16-byte scratch copy of the a1 data
;        0xe9c(fp)         stack-guard copy
; (fcn) sym.mtk_get_wsc_status_int__char_const__int_ () | void mtk_get_wsc_status_int_char_const_int_ () {
| /* mtk_get_wsc_status(int, char const*, int*) */
0x004065ec lui gp, 2 |
0x004065f0 addiu gp, gp, -0x25cc |
0x004065f4 addu gp, gp, t9 | gp += t9;
0x004065f8 addiu sp, sp, -0xea8 |
0x004065fc sw ra, 0xea4(sp) | *(var_ea4h) = ra;
0x00406600 sw fp, 0xea0(sp) | *(var_ea0h) = fp;
0x00406604 move fp, sp | fp = sp;
0x00406608 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040660c sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00406610 sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00406614 sw a2, 0x1c(fp) | *(arg_1ch) = a2;
; Save the stack-guard word at 0xe9c(fp), directly above the scratch buffer.
0x00406618 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x0040661c lw t8, (t8) | t8 = *(t8);
0x00406620 sw t8, 0xe9c(fp) | *(arg_e9ch) = t8;
; memcpy(fp+0x3cc, rodata at str.STATUS_WSC_NOTUSED, 0xac0): first table.
0x00406624 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
0x00406628 addiu v1, fp, 0x3cc | v1 = fp + 0x3cc;
| /* str.STATUS_WSC_NOTUSED */
0x0040662c addiu v0, t8, -0x6860 | v0 = t8 + -0x6860;
0x00406630 addiu t8, zero, 0xac0 | t8 = 0xac0;
0x00406634 move a0, v1 | a0 = v1;
0x00406638 move a1, v0 | a1 = v0;
0x0040663c move a2, t8 | a2 = t8;
0x00406640 lw t8, -0x7e2c(gp) | t8 = sym.imp.memcpy;
0x00406644 move t9, t8 | t9 = t8;
0x00406648 jalr t9 | t9 ();
0x0040664c nop |
0x00406650 lw gp, 0x10(fp) | gp = *(arg_10h);
; memcpy(fp+0x4c, rodata at str.NULL, 0x380): second table.
0x00406654 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
0x00406658 addiu v1, fp, 0x4c | v1 = fp + 0x4c;
| /* str.NULL */
0x0040665c addiu v0, t8, -0x5da0 | v0 = t8 + -0x5da0;
0x00406660 addiu t8, zero, 0x380 | t8 = 0x380;
0x00406664 move a0, v1 | a0 = v1;
0x00406668 move a1, v0 | a1 = v0;
0x0040666c move a2, t8 | a2 = t8;
0x00406670 lw t8, -0x7e2c(gp) | t8 = sym.imp.memcpy;
0x00406674 move t9, t8 | t9 = t8;
0x00406678 jalr t9 | t9 ();
0x0040667c nop |
0x00406680 lw gp, 0x10(fp) | gp = *(arg_10h);
; bzero(fp+0xe8c, 0x10): clear the scratch buffer.
0x00406684 addiu t8, fp, 0xe8c | t8 = fp + 0xe8c;
0x00406688 move a0, t8 | a0 = t8;
0x0040668c addiu a1, zero, 0x10 | a1 = 0x10;
0x00406690 lw t8, -0x7eec(gp) | t8 = sym.imp.bzero;
0x00406694 move t9, t8 | t9 = t8;
0x00406698 jalr t9 | t9 ();
0x0040669c nop |
0x004066a0 lw gp, 0x10(fp) | gp = *(arg_10h);
; Four lwl/lwr pairs load 16 bytes from the a1 pointer (unaligned-safe) and
; the four sw below store them at 0xe8c..0xe9b(fp).
; NOTE(review): the copy is fixed-size; it reads 16 bytes whatever the string
; length, so the caller's buffer has to be at least 16 bytes long -- verify.
0x004066a4 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x004066a8 lwl v0, 3(t8) | __asm ("lwl v0, 3(t8)");
0x004066ac move a0, v0 | a0 = v0;
0x004066b0 lwr a0, (t8) | __asm ("lwr a0, (t8)");
0x004066b4 lwl v0, 7(t8) | __asm ("lwl v0, 7(t8)");
0x004066b8 move v1, v0 | v1 = v0;
0x004066bc lwr v1, 4(t8) | __asm ("lwr v1, 4(t8)");
0x004066c0 lwl v0, 0xb(t8) | __asm ("lwl v0, 0xb(t8)");
0x004066c4 lwr v0, 8(t8) | __asm ("lwr v0, 8(t8)");
0x004066c8 lwl a1, 0xf(t8) | __asm ("lwl a1, 0xf(t8)");
0x004066cc move a2, a1 | a2 = a1;
0x004066d0 lwr a2, 0xc(t8) | __asm ("lwr a2, 0xc(t8)");
0x004066d4 move t8, a2 | t8 = a2;
0x004066d8 sw a0, 0xe8c(fp) | *(arg_e8ch) = a0;
0x004066dc sw v1, 0xe90(fp) | *(arg_e90h) = v1;
0x004066e0 sw v0, 0xe94(fp) | *(arg_e94h) = v0;
0x004066e4 sw t8, 0xe98(fp) | *(arg_e98h) = t8;
; strncpy(fp+0x2c, fp+0xe8c, 0x10): fills the 16-byte name field of the
; request; no terminator is written if the source has none in 16 bytes.
0x004066e8 addiu v0, fp, 0x2c | v0 = fp + 0x2c;
0x004066ec addiu t8, fp, 0xe8c | t8 = fp + 0xe8c;
0x004066f0 move a0, v0 | a0 = v0;
0x004066f4 move a1, t8 | a1 = t8;
0x004066f8 addiu a2, zero, 0x10 | a2 = 0x10;
0x004066fc lw t8, -0x7ed4(gp) | t8 = sym.imp.strncpy;
0x00406700 move t9, t8 | t9 = t8;
0x00406704 jalr t9 | t9 ();
0x00406708 nop |
0x0040670c lw gp, 0x10(fp) | gp = *(arg_10h);
; Rest of the request: 0x3c(fp) = &status word (fp+0x28), 0x40(fp) = 4,
; 0x42(fp) = 0x751. Presumably struct iwreq with u.data {pointer, length,
; flags}; 0x751 lines up with the RT_OID_WSC_QUERY_STATUS name used in the
; perror string below -- confirm against the driver headers.
0x00406710 addiu t8, zero, 4 | t8 = 4;
0x00406714 sh t8, 0x40(fp) | *(arg_40h) = t8;
0x00406718 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x0040671c sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00406720 addiu t8, zero, 0x751 | t8 = 0x751;
0x00406724 sh t8, 0x42(fp) | *(arg_42h) = t8;
; ioctl(a0, 0x8be1, &request). 0x8be1 is presumably SIOCIWFIRSTPRIV+1, the
; private wireless ioctl of the MediaTek/Ralink driver -- confirm.
0x00406728 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x0040672c lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00406730 ori a1, zero, 0x8be1 | a1 = 0x8be1;
0x00406734 move a2, t8 | a2 = t8;
0x00406738 lw t8, -0x7e58(gp) | t8 = sym.imp.ioctl;
0x0040673c move t9, t8 | t9 = t8;
0x00406740 jalr t9 | t9 ();
0x00406744 nop |
0x00406748 lw gp, 0x10(fp) | gp = *(arg_10h);
; Sign-bit test: a negative ioctl result runs perror and returns -1.
0x0040674c move t8, v0 | t8 = v0;
0x00406750 srl t8, t8, 0x1f | t8 >>= 0x1f;
0x00406754 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00406758 beqz t8, 0x406788 |
0x0040675c nop |
0x00406760 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.RT_OID_WSC_QUERY_STATUS */
0x00406764 addiu a0, t8, -0x6890 | a0 = t8 + -0x6890;
0x00406768 lw t8, -0x7ee4(gp) | t8 = sym.imp.perror;
0x0040676c move t9, t8 | t9 = t8;
0x00406770 jalr t9 | t9 ();
0x00406774 nop |
0x00406778 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040677c addiu t8, zero, -1 | t8 = -1;
0x00406780 b 0x4067fc | goto label_0;
0x00406784 nop |
| }
; *a2 = status word.
0x00406788 lw v0, 0x28(fp) | v0 = *(arg_28h);
0x0040678c lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x00406790 sw v0, (t8) | *(t8) = v0;
; Pick the string: status >= 0x101 -> fp+0x4c + (status-0x100)*0x40,
; otherwise -> fp+0x3cc + status*0x40. slti is a signed compare.
; NOTE(review): there is no range check. The first table holds 43 rows but
; every value below 0x101, negative ones included, is accepted; the second
; holds 14 rows but every value from 0x101 up is accepted. An unexpected
; status from the driver makes printf's %s read outside the tables (stack
; contents printed, or a fault). A source-level fix bounds the index against
; the table sizes before forming the pointer.
0x00406794 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00406798 slti t8, t8, 0x101 | t8 = (t8 < 0x101) ? 1 : 0;
| if (t8 == 0) {
0x0040679c bnez t8, 0x4067c0 |
0x004067a0 nop |
0x004067a4 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x004067a8 addiu t8, t8, -0x100 | t8 += -0x100;
0x004067ac addiu v0, fp, 0x4c | v0 = fp + 0x4c;
0x004067b0 sll t8, t8, 6 | t8 <<= 6;
0x004067b4 addu t8, v0, t8 | t8 = v0 + t8;
0x004067b8 b 0x4067d0 | goto label_1;
0x004067bc nop |
| }
0x004067c0 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x004067c4 addiu v0, fp, 0x3cc | v0 = fp + 0x3cc;
0x004067c8 sll t8, t8, 6 | t8 <<= 6;
0x004067cc addu t8, v0, t8 | t8 = v0 + t8;
| label_1:
; printf(str._s:_WSC_status:__s__n, str.mtk_get_wsc_status, row pointer)
0x004067d0 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str._s:_WSC_status:__s__n */
0x004067d4 addiu a0, v0, -0x6878 | a0 = v0 + -0x6878;
0x004067d8 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.mtk_get_wsc_status */
0x004067dc addiu a1, v0, -0x57c0 | a1 = v0 + -0x57c0;
0x004067e0 move a2, t8 | a2 = t8;
0x004067e4 lw t8, -0x7f30(gp) | t8 = sym.imp.printf
0x004067e8 move t9, t8 | t9 = t8;
0x004067ec jalr t9 | t9 ();
0x004067f0 nop |
0x004067f4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004067f8 move t8, zero | t8 = 0;
| label_0:
; v0 = result; then the stack-guard comparison and the epilogue.
0x004067fc move v0, t8 | v0 = t8;
0x00406800 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00406804 lw v1, 0xe9c(fp) | v1 = *(arg_e9ch);
0x00406808 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x0040680c beq v1, t8, 0x406824 |
0x00406810 nop |
0x00406814 lw t8, -0x7ea8(gp) | t8 = sym.imp.__stack_chk_fail;
0x00406818 move t9, t8 | t9 = t8;
0x0040681c jalr t9 | t9 ();
0x00406820 nop |
| }
0x00406824 move sp, fp |
0x00406828 lw ra, 0xea4(sp) | ra = *(var_ea4h);
0x0040682c lw fp, 0xea0(sp) | fp = *(var_ea0h);
0x00406830 addiu sp, sp, 0xea8 |
0x00406834 jr ra | return v1;
0x00406838 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/start_wps @ 0x401e70 */
| #include <stdint.h>
|
; send_signal_ps(char const*, int, int) -- MIPS PIC code; radare2 disassembly
; on the left of each '|', r2dec pseudo-C on the right.
; Reads an integer from the file named by a0, passes it to kill() together
; with a1, and, when a2 is non-zero, polls with kill(pid, 0) once per second
; for up to 10 rounds.
; In:    a0 -> 0x24(fp) pidfile path, a1 -> 0x20(fp) signal number,
;        a2 -> 0x1c(fp) wait flag
; Out:   v0 = 0 if the file cannot be opened, if a2 == 0, or if the poll loop
;        ended early; -1 if all 10 polls returned 0.
;        r2dec prints "return v1"; v1 only holds the saved guard word here.
; Frame: 0x40 bytes. 0x28(fp) = pid, 0x2c(fp) = poll counter,
;        0x30(fp) = FILE pointer, 0x34(fp) = stack-guard copy.
; (fcn) sym.send_signal_ps_char_const__int__int_ () | void send_signal_ps_char_const_int_int_ () {
| /* send_signal_ps(char const*, int, int) */
0x00401e70 lui gp, 2 |
0x00401e74 addiu gp, gp, 0x21b0 |
0x00401e78 addu gp, gp, t9 | gp += t9;
0x00401e7c addiu sp, sp, -0x40 |
0x00401e80 sw ra, 0x3c(sp) | *(var_3ch) = ra;
0x00401e84 sw fp, 0x38(sp) | *(var_38h) = fp;
0x00401e88 move fp, sp | fp = sp;
0x00401e8c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00401e90 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00401e94 sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00401e98 sw a2, 0x1c(fp) | *(arg_1ch) = a2;
; Save the stack-guard word at 0x34(fp).
0x00401e9c lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00401ea0 lw t8, (t8) | t8 = *(t8);
0x00401ea4 sw t8, 0x34(fp) | *(arg_34h) = t8;
; fopen64(path, mode). The mode string sits at the start of .rodata and its
; text is not shown here; presumably a read mode -- confirm.
0x00401ea8 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00401eac lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* section..rodata */
0x00401eb0 addiu a1, t8, -0x7130 | a1 = t8 + -0x7130;
0x00401eb4 lw t8, -0x7e54(gp) | t8 = sym.imp.fopen64;
0x00401eb8 move t9, t8 | t9 = t8;
0x00401ebc jalr t9 | t9 ();
0x00401ec0 nop |
0x00401ec4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401ec8 move t8, v0 | t8 = v0;
0x00401ecc sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00401ed0 sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x00401ed4 lw t8, 0x30(fp) | t8 = *(arg_30h);
| if (t8 == 0) {
; A NULL FILE pointer returns 0, the same value as the success paths.
0x00401ed8 bnez t8, 0x401eec |
0x00401edc nop |
0x00401ee0 move t8, zero | t8 = 0;
0x00401ee4 b 0x402020 | goto label_0;
0x00401ee8 nop |
| }
; fscanf(file, fmt, &pid) with pid at 0x28(fp). r2 renders the format as
; '&d'; presumably "%d" -- confirm.
; NOTE(review): 0x28(fp) is not written before this call and v0 is not read
; after it, so an empty or non-numeric pidfile leaves pid uninitialised, and
; a stored 0 or negative number reaches kill() unchanged (kill(0, ..) targets
; the caller's process group, kill(-1, ..) every process it may signal).
; Source-level mitigation: require fscanf() == 1 and pid > 1 before kill(),
; and keep the pidfile directory writable only by the owning service.
0x00401eec addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00401ef0 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00401ef4 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* esilref: '&d' */
0x00401ef8 addiu a1, v0, -0x712c | a1 = v0 + -0x712c;
0x00401efc move a2, t8 | a2 = t8;
0x00401f00 lw t8, -0x7f40(gp) | t8 = sym.imp.fscanf;
0x00401f04 move t9, t8 | t9 = t8;
0x00401f08 jalr t9 | t9 ();
0x00401f0c nop |
0x00401f10 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401f14 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00401f18 lw t8, -0x7ea0(gp) | t8 = sym.imp.fclose;
0x00401f1c move t9, t8 | t9 = t8;
0x00401f20 jalr t9 | t9 ();
0x00401f24 nop |
0x00401f28 lw gp, 0x10(fp) | gp = *(arg_10h);
; kill(pid, a1); the return value is not examined.
0x00401f2c lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00401f30 move a0, t8 | a0 = t8;
0x00401f34 lw a1, 0x20(fp) | a1 = *(arg_20h);
0x00401f38 lw t8, -0x7f4c(gp) | t8 = sym.imp.kill;
0x00401f3c move t9, t8 | t9 = t8;
0x00401f40 jalr t9 | t9 ();
0x00401f44 nop |
0x00401f48 lw gp, 0x10(fp) | gp = *(arg_10h);
; a2 == 0: do not wait, return 0.
0x00401f4c lw t8, 0x1c(fp) | t8 = *(arg_1ch);
| if (t8 == 0) {
0x00401f50 beqz t8, 0x40201c | goto label_1;
| }
0x00401f54 nop |
; Poll loop: the counter at 0x2c(fp) starts at 0 and the test at label_2
; runs first.
0x00401f58 sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x00401f5c b 0x401fc4 | goto label_2;
0x00401f60 nop |
| do {
; kill(pid, 0) sends no signal. sltu turns any non-zero return into 1, which
; leaves the loop; errno is not inspected, so every kind of failure is
; treated alike.
0x00401f64 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00401f68 move a0, t8 | a0 = t8;
0x00401f6c move a1, zero | a1 = 0;
0x00401f70 lw t8, -0x7f4c(gp) | t8 = sym.imp.kill;
0x00401f74 move t9, t8 | t9 = t8;
0x00401f78 jalr t9 | t9 ();
0x00401f7c nop |
0x00401f80 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401f84 move t8, v0 | t8 = v0;
0x00401f88 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00401f8c andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00401f90 beqz t8, 0x401fa0 |
0x00401f94 nop |
0x00401f98 b 0x401fd4 | goto label_3;
0x00401f9c nop |
| }
; kill(pid, 0) returned 0: sleep(1), counter++.
0x00401fa0 addiu a0, zero, 1 | a0 = 1;
0x00401fa4 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x00401fa8 move t9, t8 | t9 = t8;
0x00401fac jalr t9 | t9 ();
0x00401fb0 nop |
0x00401fb4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401fb8 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00401fbc addiu t8, t8, 1 | t8++;
0x00401fc0 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
| label_2:
0x00401fc4 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00401fc8 slti t8, t8, 0xa | t8 = (t8 < 0xa) ? 1 : 0;
0x00401fcc bnez t8, 0x401f64 |
| } while (t8 != 0);
0x00401fd0 nop |
| label_3:
; counter == 10 means every poll returned 0: print the failure message with
; pid, path and signal, and return -1.
0x00401fd4 lw v0, 0x2c(fp) | v0 = *(arg_2ch);
0x00401fd8 addiu t8, zero, 0xa | t8 = 0xa;
| if (v0 == t8) {
0x00401fdc bne v0, t8, 0x40201c |
0x00401fe0 nop |
0x00401fe4 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00401fe8 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.Can_not_kill_process_ID__d__pidfile_s__signal_d_n */
0x00401fec addiu a0, v0, -0x7128 | a0 = v0 + -0x7128;
0x00401ff0 move a1, t8 | a1 = t8;
0x00401ff4 lw a2, 0x24(fp) | a2 = *(arg_24h);
0x00401ff8 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00401ffc lw t8, -0x7f30(gp) | t8 = sym.imp.printf
0x00402000 move t9, t8 | t9 = t8;
0x00402004 jalr t9 | t9 ();
0x00402008 nop |
0x0040200c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00402010 addiu t8, zero, -1 | t8 = -1;
0x00402014 b 0x402020 | goto label_0;
0x00402018 nop |
| }
| label_1:
0x0040201c move t8, zero | t8 = 0;
| label_0:
; v0 = result; then the stack-guard comparison and the epilogue.
0x00402020 move v0, t8 | v0 = t8;
0x00402024 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00402028 lw v1, 0x34(fp) | v1 = *(arg_34h);
0x0040202c lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00402030 beq v1, t8, 0x402048 |
0x00402034 nop |
0x00402038 lw t8, -0x7ea8(gp) | t8 = sym.imp.__stack_chk_fail;
0x0040203c move t9, t8 | t9 = t8;
0x00402040 jalr t9 | t9 ();
0x00402044 nop |
| }
0x00402048 move sp, fp |
0x0040204c lw ra, 0x3c(sp) | ra = *(var_3ch);
0x00402050 lw fp, 0x38(sp) | fp = *(var_38h);
0x00402054 addiu sp, sp, 0x40 |
0x00402058 jr ra | return v1;
0x0040205c nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/start_wps @ 0x403824 */
| #include <stdint.h>
|
; wps_kill_pid(char*, int) -- MIPS PIC code; radare2 disassembly on the left
; of each '|', r2dec pseudo-C on the right.
; Reads an integer from the file named by a0, passes it to kill() together
; with a1, polls with kill(pid, 0) once per second for up to 10 rounds, and
; unlinks the file when the poll loop ends early.
; In:    a0 -> 0x1c(fp) pidfile path, a1 -> 0x18(fp) signal number
; Out:   v0 = 0 if the file cannot be opened or after unlink; -1 if all 10
;        polls returned 0.
;        r2dec prints "return v1"; v1 only holds the saved guard word here.
; Frame: 0x38 bytes. 0x20(fp) = pid, 0x24(fp) = poll counter,
;        0x28(fp) = FILE pointer, 0x2c(fp) = stack-guard copy.
; (fcn) sym.wps_kill_pid_char__int_ () | void wps_kill_pid_char_int_ () {
| /* wps_kill_pid(char*, int) */
0x00403824 lui gp, 2 |
0x00403828 addiu gp, gp, 0x7fc |
0x0040382c addu gp, gp, t9 | gp += t9;
0x00403830 addiu sp, sp, -0x38 |
0x00403834 sw ra, 0x34(sp) | *(var_34h) = ra;
0x00403838 sw fp, 0x30(sp) | *(var_30h) = fp;
0x0040383c move fp, sp | fp = sp;
0x00403840 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00403844 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00403848 sw a1, 0x18(fp) | *(arg_18h) = a1;
; Save the stack-guard word at 0x2c(fp).
0x0040384c lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00403850 lw t8, (t8) | t8 = *(t8);
0x00403854 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
; fopen64(path, mode). The mode string sits at the start of .rodata and its
; text is not shown here; presumably a read mode -- confirm.
0x00403858 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x0040385c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* section..rodata */
0x00403860 addiu a1, t8, -0x7130 | a1 = t8 + -0x7130;
0x00403864 lw t8, -0x7e54(gp) | t8 = sym.imp.fopen64;
0x00403868 move t9, t8 | t9 = t8;
0x0040386c jalr t9 | t9 ();
0x00403870 nop |
0x00403874 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403878 move t8, v0 | t8 = v0;
0x0040387c sw t8, 0x28(fp) | *(arg_28h) = t8;
0x00403880 sw zero, 0x24(fp) | *(arg_24h) = 0;
0x00403884 lw t8, 0x28(fp) | t8 = *(arg_28h);
| if (t8 == 0) {
; A NULL FILE pointer returns 0, the same value as the success path.
0x00403888 bnez t8, 0x40389c |
0x0040388c nop |
0x00403890 move t8, zero | t8 = 0;
0x00403894 b 0x4039dc | goto label_0;
0x00403898 nop |
| }
; fscanf(file, fmt, &pid) with pid at 0x20(fp). r2 renders the format as
; '&d'; presumably "%d" -- confirm.
; NOTE(review): 0x20(fp) is not written before this call and v0 is not read
; after it, so an empty or non-numeric pidfile leaves pid uninitialised, and
; a stored 0 or negative number reaches kill() unchanged (kill(0, ..) targets
; the caller's process group, kill(-1, ..) every process it may signal).
; Source-level mitigation: require fscanf() == 1 and pid > 1 before kill(),
; and keep the pidfile directory writable only by the owning service.
0x0040389c addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x004038a0 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x004038a4 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* esilref: '&d' */
0x004038a8 addiu a1, v0, -0x712c | a1 = v0 + -0x712c;
0x004038ac move a2, t8 | a2 = t8;
0x004038b0 lw t8, -0x7f40(gp) | t8 = sym.imp.fscanf;
0x004038b4 move t9, t8 | t9 = t8;
0x004038b8 jalr t9 | t9 ();
0x004038bc nop |
0x004038c0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004038c4 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x004038c8 lw t8, -0x7ea0(gp) | t8 = sym.imp.fclose;
0x004038cc move t9, t8 | t9 = t8;
0x004038d0 jalr t9 | t9 ();
0x004038d4 nop |
0x004038d8 lw gp, 0x10(fp) | gp = *(arg_10h);
; kill(pid, a1); the return value is not examined.
0x004038dc lw t8, 0x20(fp) | t8 = *(arg_20h);
0x004038e0 move a0, t8 | a0 = t8;
0x004038e4 lw a1, 0x18(fp) | a1 = *(arg_18h);
0x004038e8 lw t8, -0x7f4c(gp) | t8 = sym.imp.kill;
0x004038ec move t9, t8 | t9 = t8;
0x004038f0 jalr t9 | t9 ();
0x004038f4 nop |
0x004038f8 lw gp, 0x10(fp) | gp = *(arg_10h);
; Poll loop: the counter at 0x24(fp) starts at 0 and the test at label_1
; runs first. Unlike send_signal_ps there is no wait flag; this always polls.
0x004038fc sw zero, 0x24(fp) | *(arg_24h) = 0;
0x00403900 b 0x403968 | goto label_1;
0x00403904 nop |
| do {
; kill(pid, 0) sends no signal. sltu turns any non-zero return into 1, which
; leaves the loop; errno is not inspected, so every kind of failure is
; treated alike.
0x00403908 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0040390c move a0, t8 | a0 = t8;
0x00403910 move a1, zero | a1 = 0;
0x00403914 lw t8, -0x7f4c(gp) | t8 = sym.imp.kill;
0x00403918 move t9, t8 | t9 = t8;
0x0040391c jalr t9 | t9 ();
0x00403920 nop |
0x00403924 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403928 move t8, v0 | t8 = v0;
0x0040392c sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00403930 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00403934 beqz t8, 0x403944 |
0x00403938 nop |
0x0040393c b 0x403978 | goto label_2;
0x00403940 nop |
| }
; kill(pid, 0) returned 0: sleep(1), counter++.
0x00403944 addiu a0, zero, 1 | a0 = 1;
0x00403948 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x0040394c move t9, t8 | t9 = t8;
0x00403950 jalr t9 | t9 ();
0x00403954 nop |
0x00403958 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040395c lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00403960 addiu t8, t8, 1 | t8++;
0x00403964 sw t8, 0x24(fp) | *(arg_24h) = t8;
| label_1:
0x00403968 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x0040396c slti t8, t8, 0xa | t8 = (t8 < 0xa) ? 1 : 0;
0x00403970 bnez t8, 0x403908 |
| } while (t8 != 0);
0x00403974 nop |
| label_2:
; counter == 10 means every poll returned 0: print the failure message with
; pid, path and signal, and return -1 without unlinking.
0x00403978 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x0040397c addiu t8, zero, 0xa | t8 = 0xa;
| if (v0 == t8) {
0x00403980 bne v0, t8, 0x4039c0 |
0x00403984 nop |
0x00403988 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0040398c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.Can_not_kill_process_ID__d__pidfile_s__signal_d_n */
0x00403990 addiu a0, v0, -0x7128 | a0 = v0 + -0x7128;
0x00403994 move a1, t8 | a1 = t8;
0x00403998 lw a2, 0x1c(fp) | a2 = *(arg_1ch);
0x0040399c lw a3, 0x18(fp) | a3 = *(arg_18h);
0x004039a0 lw t8, -0x7f30(gp) | t8 = sym.imp.printf
0x004039a4 move t9, t8 | t9 = t8;
0x004039a8 jalr t9 | t9 ();
0x004039ac nop |
0x004039b0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004039b4 addiu t8, zero, -1 | t8 = -1;
0x004039b8 b 0x4039dc | goto label_0;
0x004039bc nop |
| }
; Loop ended early: unlink(path), return 0. unlink's result is not examined.
0x004039c0 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x004039c4 lw t8, -0x7ed8(gp) | t8 = sym.imp.unlink;
0x004039c8 move t9, t8 | t9 = t8;
0x004039cc jalr t9 | t9 ();
0x004039d0 nop |
0x004039d4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004039d8 move t8, zero | t8 = 0;
| label_0:
; v0 = result; then the stack-guard comparison and the epilogue.
0x004039dc move v0, t8 | v0 = t8;
0x004039e0 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x004039e4 lw v1, 0x2c(fp) | v1 = *(arg_2ch);
0x004039e8 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x004039ec beq v1, t8, 0x403a04 |
0x004039f0 nop |
0x004039f4 lw t8, -0x7ea8(gp) | t8 = sym.imp.__stack_chk_fail;
0x004039f8 move t9, t8 | t9 = t8;
0x004039fc jalr t9 | t9 ();
0x00403a00 nop |
| }
0x00403a04 move sp, fp |
0x00403a08 lw ra, 0x34(sp) | ra = *(var_34h);
0x00403a0c lw fp, 0x30(sp) | fp = *(var_30h);
0x00403a10 addiu sp, sp, 0x38 |
0x00403a14 jr ra | return v1;
0x00403a18 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/start_wps @ 0x405844 */
| #include <stdint.h>
|
; (fcn) sym.wps_mtk_apclient_start_int__char_const_ () | void wps_mtk_apclient_start_int_char_const_ () {
| /* wps_mtk_apclient_start(int, char const*) */
0x00405844 lui gp, 2 |
0x00405848 addiu gp, gp, -0x1824 |
0x0040584c addu gp, gp, t9 | gp += t9;
0x00405850 addiu sp, sp, -0x35a8 |
0x00405854 sw ra, 0x35a4(sp) | *(arg_35a4h) = ra;
0x00405858 sw fp, 0x35a0(sp) | *(arg_35a0h) = fp;
0x0040585c sw s0, 0x359c(sp) | *(arg_359ch) = s0;
0x00405860 move fp, sp | fp = sp;
0x00405864 sw gp, 0x18(sp) | *(arg_18h) = gp;
0x00405868 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x0040586c sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00405870 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00405874 lw t8, (t8) | t8 = *(t8);
0x00405878 sw t8, 0x3594(fp) | *(arg_3594h) = t8;
0x0040587c addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00405880 move a0, t8 | a0 = t8;
0x00405884 lw t8, -0x7fd0(gp) | t8 = *(gp);
0x00405888 move t9, t8 | t9 = t8;
0x0040588c jalr t9 | t9 ();
0x00405890 nop |
0x00405894 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405898 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__ENTER_n */
0x0040589c addiu a0, t8, -0x69dc | a0 = t8 + -0x69dc;
0x004058a0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_mtk_apclient_start */
0x004058a4 addiu a1, t8, -0x57f0 | a1 = t8 + -0x57f0;
0x004058a8 addiu a2, zero, 0x2a0 | a2 = 0x2a0;
0x004058ac lw t8, -0x7f30(gp) | t8 = sym.imp.printf
0x004058b0 move t9, t8 | t9 = t8;
0x004058b4 jalr t9 | t9 ();
0x004058b8 nop |
0x004058bc lw gp, 0x18(fp) | gp = *(arg_18h);
0x004058c0 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x004058c4 move a0, t8 | a0 = t8;
0x004058c8 lw t8, -0x7f04(gp) | t8 = *(gp);
0x004058cc move t9, t8 | t9 = t8;
0x004058d0 jalr t9 | t9 ();
0x004058d4 nop |
0x004058d8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004058dc addiu v0, fp, 0x28 | v0 = fp + 0x28;
0x004058e0 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x004058e4 move a0, v0 | a0 = v0;
0x004058e8 move a1, t8 | a1 = t8;
0x004058ec lw t8, -0x7ef8(gp) | t8 = *(gp);
0x004058f0 move t9, t8 | t9 = t8;
0x004058f4 jalr t9 | t9 ();
0x004058f8 nop |
0x004058fc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405900 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00405904 move a0, t8 | a0 = t8;
0x00405908 lw t8, -0x7e30(gp) | t8 = *(gp);
0x0040590c move t9, t8 | t9 = t8;
0x00405910 jalr t9 | t9 ();
0x00405914 nop |
0x00405918 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040591c addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405920 sw v0, 0x10(sp) | *(arg_10h) = v0;
0x00405924 move a0, t8 | a0 = t8;
0x00405928 addiu a1, zero, 0x40 | a1 = 0x40;
0x0040592c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_ApCliSsid__s_ */
0x00405930 addiu a2, t8, -0x69cc | a2 = t8 + -0x69cc;
0x00405934 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00405938 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x0040593c move t9, t8 | t9 = t8;
0x00405940 jalr t9 | t9 ();
0x00405944 nop |
0x00405948 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040594c addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00405950 move a0, t8 | a0 = t8;
0x00405954 lw t8, -0x7e80(gp) | t8 = *(gp);
0x00405958 move t9, t8 | t9 = t8;
0x0040595c jalr t9 | t9 ();
0x00405960 nop |
0x00405964 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405968 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x0040596c move a0, t8 | a0 = t8;
0x00405970 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405974 move t9, t8 | t9 = t8;
0x00405978 jalr t9 | t9 ();
0x0040597c nop |
0x00405980 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405984 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405988 move a0, t8 | a0 = t8;
0x0040598c lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405990 move t9, t8 | t9 = t8;
0x00405994 jalr t9 | t9 ();
0x00405998 nop |
0x0040599c lw gp, 0x18(fp) | gp = *(arg_18h);
0x004059a0 addiu a0, zero, 1 | a0 = 1;
0x004059a4 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x004059a8 move t9, t8 | t9 = t8;
0x004059ac jalr t9 | t9 ();
0x004059b0 nop |
0x004059b4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004059b8 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x004059bc move a0, t8 | a0 = t8;
0x004059c0 addiu a1, zero, 0x40 | a1 = 0x40;
0x004059c4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_ApCliEnable1 */
0x004059c8 addiu a2, t8, -0x69ac | a2 = t8 + -0x69ac;
0x004059cc lw a3, 0x20(fp) | a3 = *(arg_20h);
0x004059d0 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x004059d4 move t9, t8 | t9 = t8;
0x004059d8 jalr t9 | t9 ();
0x004059dc nop |
0x004059e0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004059e4 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x004059e8 move a0, t8 | a0 = t8;
0x004059ec lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x004059f0 move t9, t8 | t9 = t8;
0x004059f4 jalr t9 | t9 ();
0x004059f8 nop |
0x004059fc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405a00 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405a04 move a0, t8 | a0 = t8;
0x00405a08 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405a0c move t9, t8 | t9 = t8;
0x00405a10 jalr t9 | t9 ();
0x00405a14 nop |
0x00405a18 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405a1c addiu a0, zero, 1 | a0 = 1;
0x00405a20 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x00405a24 move t9, t8 | t9 = t8;
0x00405a28 jalr t9 | t9 ();
0x00405a2c nop |
0x00405a30 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405a34 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405a38 move a0, t8 | a0 = t8;
0x00405a3c addiu a1, zero, 0x40 | a1 = 0x40;
0x00405a40 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscConfMode1 */
0x00405a44 addiu a2, t8, -0x6990 | a2 = t8 + -0x6990;
0x00405a48 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00405a4c lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405a50 move t9, t8 | t9 = t8;
0x00405a54 jalr t9 | t9 ();
0x00405a58 nop |
0x00405a5c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405a60 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405a64 move a0, t8 | a0 = t8;
0x00405a68 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405a6c move t9, t8 | t9 = t8;
0x00405a70 jalr t9 | t9 ();
0x00405a74 nop |
0x00405a78 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405a7c addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405a80 move a0, t8 | a0 = t8;
0x00405a84 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405a88 move t9, t8 | t9 = t8;
0x00405a8c jalr t9 | t9 ();
0x00405a90 nop |
0x00405a94 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405a98 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405a9c move a0, t8 | a0 = t8;
0x00405aa0 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405aa4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscMode2 */
0x00405aa8 addiu a2, t8, -0x6974 | a2 = t8 + -0x6974;
0x00405aac lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00405ab0 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405ab4 move t9, t8 | t9 = t8;
0x00405ab8 jalr t9 | t9 ();
0x00405abc nop |
0x00405ac0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405ac4 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405ac8 move a0, t8 | a0 = t8;
0x00405acc lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405ad0 move t9, t8 | t9 = t8;
0x00405ad4 jalr t9 | t9 ();
0x00405ad8 nop |
0x00405adc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405ae0 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405ae4 move a0, t8 | a0 = t8;
0x00405ae8 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405aec move t9, t8 | t9 = t8;
0x00405af0 jalr t9 | t9 ();
0x00405af4 nop |
0x00405af8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405afc addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405b00 move a0, t8 | a0 = t8;
0x00405b04 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405b08 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscStatus1 */
0x00405b0c addiu a2, t8, -0x695c | a2 = t8 + -0x695c;
0x00405b10 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00405b14 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405b18 move t9, t8 | t9 = t8;
0x00405b1c jalr t9 | t9 ();
0x00405b20 nop |
0x00405b24 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405b28 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405b2c move a0, t8 | a0 = t8;
0x00405b30 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405b34 move t9, t8 | t9 = t8;
0x00405b38 jalr t9 | t9 ();
0x00405b3c nop |
0x00405b40 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405b44 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405b48 move a0, t8 | a0 = t8;
0x00405b4c lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405b50 move t9, t8 | t9 = t8;
0x00405b54 jalr t9 | t9 ();
0x00405b58 nop |
0x00405b5c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405b60 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405b64 move a0, t8 | a0 = t8;
0x00405b68 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405b6c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscGetConf1 */
0x00405b70 addiu a2, t8, -0x6940 | a2 = t8 + -0x6940;
0x00405b74 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00405b78 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405b7c move t9, t8 | t9 = t8;
0x00405b80 jalr t9 | t9 ();
0x00405b84 nop |
0x00405b88 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405b8c addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405b90 move a0, t8 | a0 = t8;
0x00405b94 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405b98 move t9, t8 | t9 = t8;
0x00405b9c jalr t9 | t9 ();
0x00405ba0 nop |
0x00405ba4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405ba8 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405bac move a0, t8 | a0 = t8;
0x00405bb0 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405bb4 move t9, t8 | t9 = t8;
0x00405bb8 jalr t9 | t9 ();
0x00405bbc nop |
0x00405bc0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405bc4 addiu a0, zero, 1 | a0 = 1;
0x00405bc8 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x00405bcc move t9, t8 | t9 = t8;
0x00405bd0 jalr t9 | t9 ();
0x00405bd4 nop |
0x00405bd8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405bdc addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405be0 move a0, t8 | a0 = t8;
0x00405be4 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405be8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_ApCliEnable1 */
0x00405bec addiu a2, t8, -0x69ac | a2 = t8 + -0x69ac;
0x00405bf0 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00405bf4 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405bf8 move t9, t8 | t9 = t8;
0x00405bfc jalr t9 | t9 ();
0x00405c00 nop |
0x00405c04 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405c08 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405c0c move a0, t8 | a0 = t8;
0x00405c10 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405c14 move t9, t8 | t9 = t8;
0x00405c18 jalr t9 | t9 ();
0x00405c1c nop |
0x00405c20 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405c24 addiu t8, fp, 0x3554 | t8 = fp + 0x3554;
0x00405c28 move a0, t8 | a0 = t8;
0x00405c2c lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405c30 move t9, t8 | t9 = t8;
0x00405c34 jalr t9 | t9 ();
0x00405c38 nop |
0x00405c3c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405c40 addiu a0, zero, 1 | a0 = 1;
0x00405c44 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x00405c48 move t9, t8 | t9 = t8;
0x00405c4c jalr t9 | t9 ();
0x00405c50 nop |
0x00405c54 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405c58 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00405c5c move a0, t8 | a0 = t8;
0x00405c60 lw t8, -0x7e08(gp) | t8 = sym.imp.PIB::PIB__;
0x00405c64 move t9, t8 | t9 = t8;
0x00405c68 jalr t9 | t9 ();
0x00405c6c nop |
0x00405c70 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00405c74 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00405c78 lw v0, 0x3594(fp) | v0 = *(arg_3594h);
0x00405c7c lw t8, (t8) | t8 = *(t8);
| if (v0 == t8) {
0x00405c80 beq v0, t8, 0x405d08 | void (*0x405d08)() ();
| }
0x00405c84 nop |
0x00405c88 b 0x405cf8 | void (*0x405cf8)() ();
0x00405c8c nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/start_wps @ 0x405d24 */
| #include <stdint.h>
|
; (fcn) sym.wps_mtk_apclient_stop_int__char_const_ () | void wps_mtk_apclient_stop_int_char_const_ () {
| /* wps_mtk_apclient_stop(int, char const*) */
; ---------------------------------------------------------------------------
; wps_mtk_apclient_stop(int, char const*)   (MIPS, PIC-style calls via t9)
;
; Purpose: formats a fixed series of command lines with snprintf() into a
;   stack buffer, echoes each one with puts() and executes it with system(),
;   with sleep(1) calls in between.
;
; Arguments:
;   a0 (int)          spilled to 0x1c(fp); never read again in this function.
;   a1 (char const*)  spilled to 0x18(fp); reloaded into a3 as the only
;                     variadic argument of every snprintf() call.
;
; Stack frame (0x70 bytes):
;   0x6c(sp) saved ra, 0x68(sp) saved fp, 0x64(fp) stack-protector guard copy,
;   0x24(fp)..0x63(fp) command buffer (0x40 bytes, same as the snprintf size),
;   0x1c(fp) a0, 0x18(fp) a1, 0x10(fp) saved gp.
;
; NOTE(review): a1 is formatted into the command text (the flag names
;   str.iwpriv__s_... suggest a "%s" conversion; confirm against the string
;   data) and the result goes to system(). No validation of a1 is visible in
;   this function. If a caller can pass anything other than a fixed interface
;   name, the shell will interpret it; trace a1 in the callers, and prefer an
;   exec-style call with an argument vector or a strict allow-list of names.
; NOTE(review): v0 is not read after any snprintf() or system() call, so
;   truncation at 0x40 bytes and command failures go unnoticed; a truncated
;   command line is still executed.
; NOTE(review): the string at offset -0x69ac (flagged ...ApCliEnable1) is used
;   both as the first and as the last command of this "stop" routine; confirm
;   the literal text at that address, since the flag name is derived by r2.
; ---------------------------------------------------------------------------
; Prologue: gp = t9 + 0x20000 - 0x1d04 (t9 presumably holds this function's
; address on entry), then allocate the frame and save ra/fp/gp.
0x00405d24 lui gp, 2 |
0x00405d28 addiu gp, gp, -0x1d04 |
0x00405d2c addu gp, gp, t9 | gp += t9;
0x00405d30 addiu sp, sp, -0x70 |
0x00405d34 sw ra, 0x6c(sp) | *(var_6ch) = ra;
0x00405d38 sw fp, 0x68(sp) | *(var_68h) = fp;
0x00405d3c move fp, sp | fp = sp;
0x00405d40 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00405d44 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00405d48 sw a1, 0x18(fp) | *(arg_18h) = a1;
; Copy the guard value (loaded through the GOT slot at gp-0x7e18) to 0x64(fp);
; it is compared again before returning.
0x00405d4c lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00405d50 lw t8, (t8) | t8 = *(t8);
0x00405d54 sw t8, 0x64(fp) | *(arg_64h) = t8;
; Trace message: printf(fmt, "wps_mtk_apclient_stop", 0x2c1); 0x2c1 (705) is
; presumably a source line number.
0x00405d58 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__ENTER_n */
0x00405d5c addiu a0, t8, -0x69dc | a0 = t8 + -0x69dc;
0x00405d60 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_mtk_apclient_stop */
0x00405d64 addiu a1, t8, -0x57d8 | a1 = t8 + -0x57d8;
0x00405d68 addiu a2, zero, 0x2c1 | a2 = 0x2c1;
0x00405d6c lw t8, -0x7f30(gp) | t8 = sym.imp.printf
0x00405d70 move t9, t8 | t9 = t8;
0x00405d74 jalr t9 | t9 ();
0x00405d78 nop |
; Command 1: snprintf(fp+0x24, 0x40, <ApCliEnable1 string>, a1), then puts()
; and system() on the same buffer. gp is reloaded from 0x10(fp) after each
; call; the nop after each jalr fills the branch delay slot.
0x00405d7c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405d80 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405d84 move a0, t8 | a0 = t8;
0x00405d88 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405d8c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_ApCliEnable1 */
0x00405d90 addiu a2, t8, -0x69ac | a2 = t8 + -0x69ac;
0x00405d94 lw a3, 0x18(fp) | a3 = *(arg_18h);
0x00405d98 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405d9c move t9, t8 | t9 = t8;
0x00405da0 jalr t9 | t9 ();
0x00405da4 nop |
0x00405da8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405dac addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405db0 move a0, t8 | a0 = t8;
0x00405db4 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405db8 move t9, t8 | t9 = t8;
0x00405dbc jalr t9 | t9 ();
0x00405dc0 nop |
; The buffer that was just printed is handed to the shell unchanged.
0x00405dc4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405dc8 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405dcc move a0, t8 | a0 = t8;
0x00405dd0 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405dd4 move t9, t8 | t9 = t8;
0x00405dd8 jalr t9 | t9 ();
0x00405ddc nop |
; sleep(1)
0x00405de0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405de4 addiu a0, zero, 1 | a0 = 1;
0x00405de8 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x00405dec move t9, t8 | t9 = t8;
0x00405df0 jalr t9 | t9 ();
0x00405df4 nop |
; Command 2: same snprintf/puts/system pattern with the WscConfMode0 string.
0x00405df8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405dfc addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405e00 move a0, t8 | a0 = t8;
0x00405e04 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405e08 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscConfMode0 */
0x00405e0c addiu a2, t8, -0x6924 | a2 = t8 + -0x6924;
0x00405e10 lw a3, 0x18(fp) | a3 = *(arg_18h);
0x00405e14 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405e18 move t9, t8 | t9 = t8;
0x00405e1c jalr t9 | t9 ();
0x00405e20 nop |
0x00405e24 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405e28 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405e2c move a0, t8 | a0 = t8;
0x00405e30 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405e34 move t9, t8 | t9 = t8;
0x00405e38 jalr t9 | t9 ();
0x00405e3c nop |
0x00405e40 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405e44 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405e48 move a0, t8 | a0 = t8;
0x00405e4c lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405e50 move t9, t8 | t9 = t8;
0x00405e54 jalr t9 | t9 ();
0x00405e58 nop |
; Command 3: same pattern with the WscMode2 string.
0x00405e5c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405e60 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405e64 move a0, t8 | a0 = t8;
0x00405e68 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405e6c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscMode2 */
0x00405e70 addiu a2, t8, -0x6974 | a2 = t8 + -0x6974;
0x00405e74 lw a3, 0x18(fp) | a3 = *(arg_18h);
0x00405e78 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405e7c move t9, t8 | t9 = t8;
0x00405e80 jalr t9 | t9 ();
0x00405e84 nop |
0x00405e88 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405e8c addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405e90 move a0, t8 | a0 = t8;
0x00405e94 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405e98 move t9, t8 | t9 = t8;
0x00405e9c jalr t9 | t9 ();
0x00405ea0 nop |
0x00405ea4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405ea8 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405eac move a0, t8 | a0 = t8;
0x00405eb0 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405eb4 move t9, t8 | t9 = t8;
0x00405eb8 jalr t9 | t9 ();
0x00405ebc nop |
; Command 4: same pattern with the WscStatus0 string.
0x00405ec0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405ec4 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405ec8 move a0, t8 | a0 = t8;
0x00405ecc addiu a1, zero, 0x40 | a1 = 0x40;
0x00405ed0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscStatus0 */
0x00405ed4 addiu a2, t8, -0x6908 | a2 = t8 + -0x6908;
0x00405ed8 lw a3, 0x18(fp) | a3 = *(arg_18h);
0x00405edc lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405ee0 move t9, t8 | t9 = t8;
0x00405ee4 jalr t9 | t9 ();
0x00405ee8 nop |
0x00405eec lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405ef0 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405ef4 move a0, t8 | a0 = t8;
0x00405ef8 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405efc move t9, t8 | t9 = t8;
0x00405f00 jalr t9 | t9 ();
0x00405f04 nop |
0x00405f08 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405f0c addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405f10 move a0, t8 | a0 = t8;
0x00405f14 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405f18 move t9, t8 | t9 = t8;
0x00405f1c jalr t9 | t9 ();
0x00405f20 nop |
; Command 5: same pattern with the WscGetConf0 string.
0x00405f24 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405f28 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405f2c move a0, t8 | a0 = t8;
0x00405f30 addiu a1, zero, 0x40 | a1 = 0x40;
0x00405f34 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_WscGetConf0 */
0x00405f38 addiu a2, t8, -0x68ec | a2 = t8 + -0x68ec;
0x00405f3c lw a3, 0x18(fp) | a3 = *(arg_18h);
0x00405f40 lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405f44 move t9, t8 | t9 = t8;
0x00405f48 jalr t9 | t9 ();
0x00405f4c nop |
0x00405f50 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405f54 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405f58 move a0, t8 | a0 = t8;
0x00405f5c lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405f60 move t9, t8 | t9 = t8;
0x00405f64 jalr t9 | t9 ();
0x00405f68 nop |
0x00405f6c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405f70 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405f74 move a0, t8 | a0 = t8;
0x00405f78 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405f7c move t9, t8 | t9 = t8;
0x00405f80 jalr t9 | t9 ();
0x00405f84 nop |
; sleep(1)
0x00405f88 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405f8c addiu a0, zero, 1 | a0 = 1;
0x00405f90 lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x00405f94 move t9, t8 | t9 = t8;
0x00405f98 jalr t9 | t9 ();
0x00405f9c nop |
; Command 6: same pattern, again with the string at -0x69ac (ApCliEnable1).
0x00405fa0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405fa4 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405fa8 move a0, t8 | a0 = t8;
0x00405fac addiu a1, zero, 0x40 | a1 = 0x40;
0x00405fb0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.iwpriv__s_set_ApCliEnable1 */
0x00405fb4 addiu a2, t8, -0x69ac | a2 = t8 + -0x69ac;
0x00405fb8 lw a3, 0x18(fp) | a3 = *(arg_18h);
0x00405fbc lw t8, -0x7e74(gp) | t8 = sym.imp.snprintf
0x00405fc0 move t9, t8 | t9 = t8;
0x00405fc4 jalr t9 | t9 ();
0x00405fc8 nop |
0x00405fcc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405fd0 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405fd4 move a0, t8 | a0 = t8;
0x00405fd8 lw t8, -0x7f38(gp) | t8 = sym.imp.puts;
0x00405fdc move t9, t8 | t9 = t8;
0x00405fe0 jalr t9 | t9 ();
0x00405fe4 nop |
0x00405fe8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00405fec addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00405ff0 move a0, t8 | a0 = t8;
0x00405ff4 lw t8, -0x7e28(gp) | t8 = sym.imp.system;
0x00405ff8 move t9, t8 | t9 = t8;
0x00405ffc jalr t9 | t9 ();
0x00406000 nop |
; sleep(1)
0x00406004 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00406008 addiu a0, zero, 1 | a0 = 1;
0x0040600c lw t8, -0x7e34(gp) | t8 = sym.imp.sleep;
0x00406010 move t9, t8 | t9 = t8;
0x00406014 jalr t9 | t9 ();
0x00406018 nop |
; Stack-protector check: compare the copy saved at 0x64(fp) with the current
; guard value; on mismatch call __stack_chk_fail instead of returning.
0x0040601c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00406020 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x00406024 lw v0, 0x64(fp) | v0 = *(arg_64h);
0x00406028 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x0040602c beq v0, t8, 0x406044 |
0x00406030 nop |
0x00406034 lw t8, -0x7ea8(gp) | t8 = sym.imp.__stack_chk_fail;
0x00406038 move t9, t8 | t9 = t8;
0x0040603c jalr t9 | t9 ();
0x00406040 nop |
| }
; Epilogue: restore ra/fp, release the 0x70-byte frame and return. v0 still
; holds the guard copy loaded above, so the "return v0" in the pseudo code is
; not a meaningful result.
0x00406044 move sp, fp |
0x00406048 lw ra, 0x6c(sp) | ra = *(var_6ch);
0x0040604c lw fp, 0x68(sp) | fp = *(var_68h);
0x00406050 addiu sp, sp, 0x70 |
0x00406054 jr ra | return v0;
0x00406058 nop |
| }
[*] Function printf used 21 times start_wps