[*] Binary protection state of gen_bt_config
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of gen_bt_config
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/gen_bt_config @ 0x402424 */
| #include <stdint.h>
|
; (fcn) sym.update_bluetoothd_conf_char_const_ () | void update_bluetoothd_conf_char_const_ () {
| /* update_bluetoothd_conf(char const*) */
0x00402424 lui gp, 2 |
0x00402428 addiu gp, gp, -0x2404 |
0x0040242c addu gp, gp, t9 | gp += t9;
0x00402430 addiu sp, sp, -0xb0 |
0x00402434 sw ra, 0xac(sp) | *(var_ach) = ra;
0x00402438 sw fp, 0xa8(sp) | *(var_a8h) = fp;
0x0040243c move fp, sp | fp = sp;
0x00402440 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00402444 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00402448 lw t8, -0x7edc(gp) | t8 = *((gp - 8119));
0x0040244c lw t8, (t8) | t8 = *(t8);
0x00402450 sw t8, 0xa4(fp) | *(arg_a4h) = t8;
0x00402454 addiu v0, fp, 0x24 | v0 = fp + 0x24;
0x00402458 addiu t8, zero, 0x80 | t8 = 0x80;
0x0040245c move a0, v0 | a0 = v0;
0x00402460 move a1, zero | a1 = 0;
0x00402464 move a2, t8 | a2 = t8;
0x00402468 lw t8, -0x7f60(gp) | t8 = sym.imp.memset;
0x0040246c move t9, t8 | t9 = t8;
0x00402470 jalr t9 | t9 ();
0x00402474 nop |
0x00402478 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040247c sw zero, 0x20(fp) | *(arg_20h) = 0;
0x00402480 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str._etc_bluetooth_main.conf */
0x00402484 addiu a0, t8, 0x72c4 | a0 = t8 + 0x72c4;
0x00402488 lw t8, -0x7f58(gp) | t8 = sym.imp.unlink;
0x0040248c move t9, t8 | t9 = t8;
0x00402490 jalr t9 | t9 ();
0x00402494 nop |
0x00402498 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040249c lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str._etc_bluetooth_main.conf */
0x004024a0 addiu a0, t8, 0x72c4 | a0 = t8 + 0x72c4;
0x004024a4 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* esilref: 'w+' */
0x004024a8 addiu a1, t8, 0x7254 | a1 = t8 + 0x7254;
0x004024ac lw t8, -0x7f04(gp) | t8 = sym.imp.fopen64;
0x004024b0 move t9, t8 | t9 = t8;
0x004024b4 jalr t9 | t9 ();
0x004024b8 nop |
0x004024bc lw gp, 0x10(fp) | gp = *(arg_10h);
0x004024c0 move t8, v0 | t8 = v0;
0x004024c4 sw t8, 0x20(fp) | *(arg_20h) = t8;
0x004024c8 lw t8, 0x20(fp) | t8 = *(arg_20h);
| if (t8 != 0) {
0x004024cc beqz t8, 0x402600 |
0x004024d0 nop |
0x004024d4 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str._General__n */
0x004024d8 addiu a0, t8, 0x72e0 | a0 = t8 + 0x72e0;
0x004024dc addiu a1, zero, 1 | a1 = 1;
0x004024e0 addiu a2, zero, 0xa | a2 = 0xa;
0x004024e4 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x004024e8 lw t8, -0x7ee0(gp) | t8 = sym.imp.fwrite;
0x004024ec move t9, t8 | t9 = t8;
0x004024f0 jalr t9 | t9 ();
0x004024f4 nop |
0x004024f8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004024fc addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00402500 move a0, t8 | a0 = t8;
0x00402504 addiu a1, zero, 0x80 | a1 = 0x80;
0x00402508 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.Name___s_n */
0x0040250c addiu a2, t8, 0x72ec | a2 = t8 + 0x72ec;
0x00402510 lw a3, 0x1c(fp) | a3 = *(arg_1ch);
0x00402514 lw t8, -0x7f20(gp) | t8 = sym.imp.snprintf;
0x00402518 move t9, t8 | t9 = t8;
0x0040251c jalr t9 | t9 ();
0x00402520 nop |
0x00402524 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00402528 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x0040252c lw a0, 0x20(fp) | a0 = *(arg_20h);
0x00402530 move a1, t8 | a1 = t8;
0x00402534 lw t8, -0x7f68(gp) | t8 = sym.imp.fprintf
0x00402538 move t9, t8 | t9 = t8;
0x0040253c jalr t9 | t9 ();
0x00402540 nop |
0x00402544 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00402548 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.DiscoverableTimeout__0_n */
0x0040254c addiu a0, t8, 0x72f8 | a0 = t8 + 0x72f8;
0x00402550 addiu a1, zero, 1 | a1 = 1;
0x00402554 addiu a2, zero, 0x18 | a2 = 0x18;
0x00402558 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x0040255c lw t8, -0x7ee0(gp) | t8 = sym.imp.fwrite;
0x00402560 move t9, t8 | t9 = t8;
0x00402564 jalr t9 | t9 ();
0x00402568 nop |
0x0040256c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00402570 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.PairableTimeout__0_n */
0x00402574 addiu a0, t8, 0x7314 | a0 = t8 + 0x7314;
0x00402578 addiu a1, zero, 1 | a1 = 1;
0x0040257c addiu a2, zero, 0x14 | a2 = 0x14;
0x00402580 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x00402584 lw t8, -0x7ee0(gp) | t8 = sym.imp.fwrite;
0x00402588 move t9, t8 | t9 = t8;
0x0040258c jalr t9 | t9 ();
0x00402590 nop |
0x00402594 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00402598 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.ControllerModele_n */
0x0040259c addiu a0, t8, 0x732c | a0 = t8 + 0x732c;
0x004025a0 addiu a1, zero, 1 | a1 = 1;
0x004025a4 addiu a2, zero, 0x12 | a2 = 0x12;
0x004025a8 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x004025ac lw t8, -0x7ee0(gp) | t8 = sym.imp.fwrite;
0x004025b0 move t9, t8 | t9 = t8;
0x004025b4 jalr t9 | t9 ();
0x004025b8 nop |
0x004025bc lw gp, 0x10(fp) | gp = *(arg_10h);
0x004025c0 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.AutoConnectTimeout__3600_n */
0x004025c4 addiu a0, t8, 0x7340 | a0 = t8 + 0x7340;
0x004025c8 addiu a1, zero, 1 | a1 = 1;
0x004025cc addiu a2, zero, 0x1a | a2 = 0x1a;
0x004025d0 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x004025d4 lw t8, -0x7ee0(gp) | t8 = sym.imp.fwrite;
0x004025d8 move t9, t8 | t9 = t8;
0x004025dc jalr t9 | t9 ();
0x004025e0 nop |
0x004025e4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004025e8 lw a0, 0x20(fp) | a0 = *(arg_20h);
0x004025ec lw t8, -0x7f34(gp) | t8 = sym.imp.fclose;
0x004025f0 move t9, t8 | t9 = t8;
0x004025f4 jalr t9 | t9 ();
0x004025f8 nop |
0x004025fc lw gp, 0x10(fp) | gp = *(arg_10h);
| }
0x00402600 lw t8, -0x7edc(gp) | t8 = *((gp - 8119));
0x00402604 lw v0, 0xa4(fp) | v0 = *(arg_a4h);
0x00402608 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x0040260c beq v0, t8, 0x402624 |
0x00402610 nop |
0x00402614 lw t8, -0x7f3c(gp) | t8 = sym.imp.__stack_chk_fail;
0x00402618 move t9, t8 | t9 = t8;
0x0040261c jalr t9 | t9 ();
0x00402620 nop |
| }
0x00402624 move sp, fp |
0x00402628 lw ra, 0xac(sp) | ra = *(var_ach);
0x0040262c lw fp, 0xa8(sp) | fp = *(var_a8h);
0x00402630 addiu sp, sp, 0xb0 |
0x00402634 jr ra | return v0;
0x00402638 nop |
| }
[*] Function fprintf used 2 times gen_bt_config
