[*] Binary protection state of mfgbox
Full RELRO | Canary found | NX disabled | No PIE | No RPATH | No RUNPATH | No Symbols
[*] Function fprintf tear down of mfgbox
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/mfgbox @ 0x409dd4 */
| #include <stdint.h>
|
; (fcn) sym.TestPlayer_int__char_const_ () | void TestPlayer_int_char_const_ () {
| /* TestPlayer(int, char const**)
|  * Reading aid: the pseudo-code column prints every call as "t9 ();", so the
|  * arguments have to be read from the a0-a2 set-up in the assembly column.
|  * Flow: the first argument (a0, saved at 0x1c(fp)) must equal 2, otherwise the
|  * routine at 0x00409d50 is called and the function leaves through label_0.
|  * When it equals 2, stat64 is called; if that check passes the function calls
|  * system, remove, fopen64, fprintf, fclose, memcpy and system again, in that
|  * order, and otherwise prints a message with puts.
|  * Stack guard: the word loaded through -0x7e58(gp) is saved at 0x4cc(fp) on
|  * entry and compared again at label_0; a mismatch calls __stack_chk_fail,
|  * which matches the "Canary found" line of the protection summary.
|  */
0x00409dd4 lui gp, 2 |
0x00409dd8 addiu gp, gp, -0x4d84 |
0x00409ddc addu gp, gp, t9 | gp += t9;
0x00409de0 addiu sp, sp, -0x4d8 |
0x00409de4 sw ra, 0x4d4(sp) | *(var_4d4h) = ra;
0x00409de8 sw fp, 0x4d0(sp) | *(var_4d0h) = fp;
0x00409dec move fp, sp | fp = sp;
0x00409df0 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00409df4 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00409df8 sw a1, 0x18(fp) | *(arg_18h) = a1;
0x00409dfc lw t8, -0x7e58(gp) | t8 = *((gp - 8086));
0x00409e00 lw t8, (t8) | t8 = *(t8);
0x00409e04 sw t8, 0x4cc(fp) | *(arg_4cch) = t8;
0x00409e08 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x00409e0c addiu t8, zero, 2 | t8 = 2;
| if (v0 != t8) {
0x00409e10 beq v0, t8, 0x409e38 |
0x00409e14 nop |
0x00409e18 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* aav.0x00409d50 -- call target on the "first argument != 2" path; the body
|  * of that routine is not part of this listing. */
0x00409e1c addiu t8, t8, -0x62b0 | t8 += -0x62b0;
0x00409e20 move t9, t8 | t9 = t8;
0x00409e24 jalr t9 | t9 ();
0x00409e28 nop |
0x00409e2c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409e30 b 0x409fb0 | goto label_0;
0x00409e34 nop |
| }
0x00409e38 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00409e3c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str._sbin_Player -- a0 for stat64; a1 is the stack buffer at fp+0x28.
|  * After the call, a non-zero return branches to label_1. On a zero return the
|  * word at 0x40(fp) is tested for non-zero; that is offset 0x18 into the stat
|  * buffer, presumably st_mode (confirm against the target's struct stat64).
|  * NOTE(review): only "non-zero" is tested here, no permission bit is masked,
|  * so the "not excutable" wording of the puts message further down is not
|  * backed by an executable-bit check in this function. */
0x00409e40 addiu a0, v0, -0x463c | a0 = v0 + -0x463c;
0x00409e44 move a1, t8 | a1 = t8;
0x00409e48 lw t8, -0x7ea4(gp) | t8 = sym.imp.stat64;
0x00409e4c move t9, t8 | t9 = t8;
0x00409e50 jalr t9 | t9 ();
0x00409e54 nop |
0x00409e58 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409e5c move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00409e60 bnez t8, 0x409e80 |
0x00409e64 nop |
0x00409e68 lw t8, 0x40(fp) | t8 = *(arg_40h);
| if (t8 == 0) {
0x00409e6c beqz t8, 0x409e80 | goto label_1;
| }
0x00409e70 nop |
0x00409e74 addiu t8, zero, 1 | t8 = 1;
0x00409e78 b 0x409e84 | goto label_2;
0x00409e7c nop |
| }
| label_1:
0x00409e80 move t8, zero | t8 = 0;
| if (t8 != 0) {
| label_2:
0x00409e84 beqz t8, 0x409f90 |
0x00409e88 nop |
0x00409e8c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.killall_Player___dev_null_2__dev_null -- a0 for the first system()
|  * call. The argument is a fixed string from the binary; nothing derived from
|  * the function's arguments is placed in it. v0 is not read after the call, so
|  * the command's exit status is ignored.
|  * NOTE(review): judging by the flag name the command starts with a bare
|  * "killall", so the shell resolves it through PATH; an absolute path would
|  * remove that dependency on the caller's environment. */
0x00409e90 addiu a0, t8, -0x462c | a0 = t8 + -0x462c;
0x00409e94 lw t8, -0x7e5c(gp) | t8 = sym.imp.system;
0x00409e98 move t9, t8 | t9 = t8;
0x00409e9c jalr t9 | t9 ();
0x00409ea0 nop |
0x00409ea4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409ea8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._tmp_mfg_playlist -- a0 for remove(); the return value in v0 is not
|  * read before the next call overwrites it. */
0x00409eac addiu a0, t8, -0x4604 | a0 = t8 + -0x4604;
0x00409eb0 lw t8, -0x7e78(gp) | t8 = sym.imp.remove;
0x00409eb4 move t9, t8 | t9 = t8;
0x00409eb8 jalr t9 | t9 ();
0x00409ebc nop |
0x00409ec0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409ec4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._tmp_mfg_playlist -- a0 for fopen64(); the mode string in a1 (offset
|  * -0x45f0) is not resolved in this listing. The returned FILE pointer is
|  * stored at 0x24(fp) and handed to fprintf and fclose with no branch in
|  * between, so a NULL result from fopen64 is not handled.
|  * NOTE(review): the file name is fixed and lives under /tmp, and it is
|  * removed and re-created by name. If other local processes can write to /tmp
|  * on this device, that sequence can be raced or redirected through a link;
|  * a private directory or an exclusive, no-follow create would close that. */
0x00409ec8 addiu a0, t8, -0x4604 | a0 = t8 + -0x4604;
0x00409ecc lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
0x00409ed0 addiu a1, t8, -0x45f0 | a1 = t8 + -0x45f0;
0x00409ed4 lw t8, -0x7e84(gp) | t8 = sym.imp.fopen64;
0x00409ed8 move t9, t8 | t9 = t8;
0x00409edc jalr t9 | t9 ();
0x00409ee0 nop |
0x00409ee4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409ee8 move t8, v0 | t8 = v0;
0x00409eec sw t8, 0x24(fp) | *(arg_24h) = t8;
0x00409ef0 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x00409ef4 addiu t8, t8, 4 | t8 += 4;
0x00409ef8 lw t8, (t8) | t8 = *(t8);
0x00409efc lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00409f00 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* esilref: '&s
' -- format string passed in a1 (printed as '&s' here, presumably "%s\n";
|  * confirm in the binary). It is a constant from the binary. a2 is the word at
|  * offset 4 of the saved second argument, i.e. argv[1] going by the signature,
|  * so the caller-supplied string is passed as data and not as the format.
|  * This is the fprintf call that put the function into this report. */
0x00409f04 addiu a1, v0, -0x45ec | a1 = v0 + -0x45ec;
0x00409f08 move a2, t8 | a2 = t8;
0x00409f0c lw t8, -0x7f08(gp) | t8 = sym.imp.fprintf
0x00409f10 move t9, t8 | t9 = t8;
0x00409f14 jalr t9 | t9 ();
0x00409f18 nop |
0x00409f1c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409f20 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00409f24 lw t8, -0x7eb0(gp) | t8 = sym.imp.fclose;
0x00409f28 move t9, t8 | t9 = t8;
0x00409f2c jalr t9 | t9 ();
0x00409f30 nop |
0x00409f34 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409f38 addiu v0, fp, 0xcc | v0 = fp + 0xcc;
0x00409f3c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
0x00409f40 move v1, v0 | v1 = v0;
| /* str._sbin_Player_0_0_0_0_0_0__tmp_mfg_playlist -- source of the memcpy:
|  * 0x2b bytes are copied from this constant into the stack buffer at fp+0xcc,
|  * and that buffer is then the argument of the second system() call.
|  * Judging by the flag name, 0x2b is the string length plus its terminator
|  * (confirm in the binary). Nothing else is written to the buffer before the
|  * call, so the command line is fixed; the caller's string reaches Player only
|  * as the content of the playlist file. */
0x00409f44 addiu v0, t8, -0x45e8 | v0 = t8 + -0x45e8;
0x00409f48 addiu t8, zero, 0x2b | t8 = 0x2b;
0x00409f4c move a0, v1 | a0 = v1;
0x00409f50 move a1, v0 | a1 = v0;
0x00409f54 move a2, t8 | a2 = t8;
0x00409f58 lw t8, -0x7e68(gp) | t8 = sym.imp.memcpy;
0x00409f5c move t9, t8 | t9 = t8;
0x00409f60 jalr t9 | t9 ();
0x00409f64 nop |
0x00409f68 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409f6c addiu t8, fp, 0xcc | t8 = fp + 0xcc;
0x00409f70 move a0, t8 | a0 = t8;
0x00409f74 lw t8, -0x7e5c(gp) | t8 = sym.imp.system;
0x00409f78 move t9, t8 | t9 = t8;
0x00409f7c jalr t9 | t9 ();
0x00409f80 nop |
0x00409f84 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409f88 b 0x409fb0 | goto label_0;
0x00409f8c nop |
| }
0x00409f90 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.Player_does_not_exist_or_not_excutable__abort..._ -- a0 for puts();
|  * reached when stat64 returned non-zero or the tested stat word was zero. */
0x00409f94 addiu a0, t8, -0x45bc | a0 = t8 + -0x45bc;
0x00409f98 lw t8, -0x7f4c(gp) | t8 = sym.imp.puts;
0x00409f9c move t9, t8 | t9 = t8;
0x00409fa0 jalr t9 | t9 ();
0x00409fa4 nop |
0x00409fa8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00409fac nop |
| label_0:
0x00409fb0 lw t8, -0x7e58(gp) | t8 = *((gp - 8086));
0x00409fb4 lw v0, 0x4cc(fp) | v0 = *(arg_4cch);
0x00409fb8 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x00409fbc beq v0, t8, 0x409fd4 |
0x00409fc0 nop |
0x00409fc4 lw t8, -0x7ebc(gp) | t8 = sym.imp.__stack_chk_fail;
0x00409fc8 move t9, t8 | t9 = t8;
0x00409fcc jalr t9 | t9 ();
0x00409fd0 nop |
| }
0x00409fd4 move sp, fp |
0x00409fd8 lw ra, 0x4d4(sp) | ra = *(var_4d4h);
0x00409fdc lw fp, 0x4d0(sp) | fp = *(var_4d0h);
0x00409fe0 addiu sp, sp, 0x4d8 |
0x00409fe4 jr ra | return v0;
0x00409fe8 nop |
| }
[*] Function fprintf used 2 times mfgbox