[*] Binary protection state of discovery
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of discovery
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/discovery @ 0x40a260 */
| #include <stdint.h>
|
; (fcn) method.NetAddress.setAddress_char_const__int__int_ () | void method_NetAddress_setAddress_char_const_int_int_ () {
| /* NetAddress::setAddress(char const*, int, int) */
0x0040a260 lui gp, 4 |
0x0040a264 addiu gp, gp, -0x41f0 |
0x0040a268 addu gp, gp, t9 | gp += t9;
0x0040a26c addiu sp, sp, -0x68 |
0x0040a270 sw ra, 0x64(sp) | *(var_64h) = ra;
0x0040a274 sw fp, 0x60(sp) | *(var_60h) = fp;
0x0040a278 move fp, sp | fp = sp;
0x0040a27c sw gp, 0x18(sp) | *(var_18h) = gp;
0x0040a280 sw a0, 0x2c(fp) | *(arg_2ch) = a0;
0x0040a284 sw a1, 0x28(fp) | *(arg_28h) = a1;
0x0040a288 sw a2, 0x24(fp) | *(arg_24h) = a2;
0x0040a28c sw a3, 0x20(fp) | *(arg_20h) = a3;
0x0040a290 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x0040a294 lw t8, (t8) | t8 = *(t8);
0x0040a298 sw t8, 0x5c(fp) | *(arg_5ch) = t8;
0x0040a29c sw zero, 0x34(fp) | *(arg_34h) = 0;
0x0040a2a0 lw t8, 0x28(fp) | t8 = *(arg_28h);
| if (t8 != 0) {
0x0040a2a4 beqz t8, 0x40a2bc |
0x0040a2a8 nop |
0x0040a2ac lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040a2b0 lb t8, (t8) | t8 = *(t8);
| if (t8 != 0) {
0x0040a2b4 bnez t8, 0x40a308 | goto label_0;
| }
0x0040a2b8 nop |
| }
0x0040a2bc lw t8, 0x20(fp) | t8 = *(arg_20h);
| if (t8 != 0) {
0x0040a2c0 beqz t8, 0x40a428 |
0x0040a2c4 nop |
0x0040a2c8 lw v0, 0x20(fp) | v0 = *(arg_20h);
0x0040a2cc addiu t8, zero, 2 | t8 = 2;
| if (v0 == t8) {
0x0040a2d0 bne v0, t8, 0x40a2ec |
0x0040a2d4 nop |
0x0040a2d8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.0.0.0.0 */
0x0040a2dc addiu t8, t8, 0x6af0 | t8 += 0x6af0;
0x0040a2e0 sw t8, 0x28(fp) | *(arg_28h) = t8;
0x0040a2e4 b 0x40a308 | goto label_0;
0x0040a2e8 nop |
| }
0x0040a2ec lw v0, 0x20(fp) | v0 = *(arg_20h);
0x0040a2f0 addiu t8, zero, 0xa | t8 = 0xa;
| if (v0 == t8) {
0x0040a2f4 bne v0, t8, 0x40a308 |
0x0040a2f8 nop |
0x0040a2fc lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* esilref: '::' */
0x0040a300 addiu t8, t8, 0x6af8 | t8 += 0x6af8;
0x0040a304 sw t8, 0x28(fp) | *(arg_28h) = t8;
| }
| label_0:
0x0040a308 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x0040a30c move a0, t8 | a0 = t8;
0x0040a310 move a1, zero | a1 = 0;
0x0040a314 addiu a2, zero, 0x20 | a2 = 0x20;
0x0040a318 lw t8, -0x7d04(gp) | t8 = sym.imp.memset;
0x0040a31c move t9, t8 | t9 = t8;
0x0040a320 jalr t9 | t9 ();
0x0040a324 nop |
0x0040a328 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040a32c lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0040a330 sw t8, 0x40(fp) | *(arg_40h) = t8;
0x0040a334 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x0040a338 sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x0040a33c addiu t8, zero, 1 | t8 = 1;
0x0040a340 sw t8, 0x44(fp) | *(arg_44h) = t8;
0x0040a344 sw zero, 0x48(fp) | *(arg_48h) = 0;
0x0040a348 sw zero, 0x54(fp) | *(arg_54h) = 0;
0x0040a34c sw zero, 0x50(fp) | *(arg_50h) = 0;
0x0040a350 sw zero, 0x58(fp) | *(arg_58h) = 0;
0x0040a354 addiu v0, fp, 0x3c | v0 = fp + 0x3c;
0x0040a358 addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x0040a35c lw a0, 0x28(fp) | a0 = *(arg_28h);
0x0040a360 move a1, zero | a1 = 0;
0x0040a364 move a2, v0 | a2 = v0;
0x0040a368 move a3, t8 | a3 = t8;
0x0040a36c lw t8, -0x7db0(gp) | t8 = sym.imp.getaddrinfo;
0x0040a370 move t9, t8 | t9 = t8;
0x0040a374 jalr t9 | t9 ();
0x0040a378 nop |
0x0040a37c lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040a380 move t8, v0 | t8 = v0;
0x0040a384 sw t8, 0x38(fp) | *(arg_38h) = t8;
0x0040a388 lw t8, 0x38(fp) | t8 = *(arg_38h);
| if (t8 == 0) {
0x0040a38c bnez t8, 0x40a3f0 |
0x0040a390 nop |
0x0040a394 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x0040a398 addiu v1, t8, 4 | v1 = t8 + 4;
0x0040a39c lw t8, 0x34(fp) | t8 = *(arg_34h);
0x0040a3a0 lw v0, 0x14(t8) | v0 = *((t8 + 5));
0x0040a3a4 lw t8, 0x34(fp) | t8 = *(arg_34h);
0x0040a3a8 lw t8, 0x10(t8) | t8 = *((t8 + 4));
0x0040a3ac move a0, v1 | a0 = v1;
0x0040a3b0 move a1, v0 | a1 = v0;
0x0040a3b4 move a2, t8 | a2 = t8;
0x0040a3b8 lw t8, -0x7c14(gp) | t8 = sym.imp.memcpy;
0x0040a3bc move t9, t8 | t9 = t8;
0x0040a3c0 jalr t9 | t9 ();
0x0040a3c4 nop |
0x0040a3c8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040a3cc lw t8, 0x34(fp) | t8 = *(arg_34h);
0x0040a3d0 move a0, t8 | a0 = t8;
0x0040a3d4 lw t8, -0x7c48(gp) | t8 = sym.imp.freeaddrinfo;
0x0040a3d8 move t9, t8 | t9 = t8;
0x0040a3dc jalr t9 | t9 ();
0x0040a3e0 nop |
0x0040a3e4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040a3e8 b 0x40a428 | goto label_1;
0x0040a3ec nop |
| }
0x0040a3f0 lw t8, -0x7cd0(gp) | t8 = *((gp - 7988));
0x0040a3f4 lw t8, (t8) | t8 = *(t8);
0x0040a3f8 lw v0, 0x20(fp) | v0 = *(arg_20h);
0x0040a3fc sw v0, 0x10(sp) | *(var_10h) = v0;
0x0040a400 move a0, t8 | a0 = t8;
0x0040a404 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.NetAddress::setAddress___getaddrinfo___failed_for_IP__s___flags__d___family__d__n */
0x0040a408 addiu a1, t8, 0x6afc | a1 = t8 + 0x6afc;
0x0040a40c lw a2, 0x28(fp) | a2 = *(arg_28h);
0x0040a410 lw a3, 0x24(fp) | a3 = *(arg_24h);
0x0040a414 lw t8, -0x7d2c(gp) | t8 = sym.imp.fprintf
0x0040a418 move t9, t8 | t9 = t8;
0x0040a41c jalr t9 | t9 ();
0x0040a420 nop |
0x0040a424 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
| label_1:
0x0040a428 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x0040a42c lw v0, 0x5c(fp) | v0 = *(arg_5ch);
0x0040a430 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x0040a434 beq v0, t8, 0x40a44c |
0x0040a438 nop |
0x0040a43c lw t8, -0x7cc8(gp) | t8 = sym.imp.__stack_chk_fail;
0x0040a440 move t9, t8 | t9 = t8;
0x0040a444 jalr t9 | t9 ();
0x0040a448 nop |
| }
0x0040a44c move sp, fp |
0x0040a450 lw ra, 0x64(sp) | ra = *(var_64h);
0x0040a454 lw fp, 0x60(sp) | fp = *(var_60h);
0x0040a458 addiu sp, sp, 0x68 |
0x0040a45c jr ra | return v0;
0x0040a460 nop |
| }
[*] Function fprintf used 2 times discovery
