[*] Binary protection state of nipcabox
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of nipcabox
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/www/config/nipcabox @ 0x402fc0 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
0x00402fc0 lui gp, 3 |
0x00402fc4 addiu gp, gp, -0x5f90 |
0x00402fc8 addu gp, gp, t9 | gp += t9;
0x00402fcc addiu sp, sp, -0x148 |
0x00402fd0 sw ra, 0x144(sp) | *(var_144h) = ra;
0x00402fd4 sw fp, 0x140(sp) | *(var_140h) = fp;
0x00402fd8 sw s1, 0x13c(sp) | *(var_13ch) = s1;
0x00402fdc sw s0, 0x138(sp) | *(var_138h) = s0;
0x00402fe0 move fp, sp | fp = sp;
0x00402fe4 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00402fe8 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00402fec sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00402ff0 lw t8, -0x7e10(gp) | t8 = *((gp - 8068));
0x00402ff4 lw t8, (t8) | t8 = *(t8);
0x00402ff8 sw t8, 0x134(fp) | *(arg_134h) = t8;
0x00402ffc sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x00403000 sw zero, 0x30(fp) | *(arg_30h) = 0;
0x00403004 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00403008 lw t8, (t8) | t8 = *(t8);
0x0040300c addiu v0, fp, 0x34 | v0 = fp + 0x34;
0x00403010 move a0, v0 | a0 = v0;
0x00403014 move a1, t8 | a1 = t8;
0x00403018 addiu a2, zero, 0xff | a2 = 0xff;
0x0040301c lw t8, -0x7e88(gp) | t8 = sym.imp.strncpy;
0x00403020 move t9, t8 | t9 = t8;
0x00403024 jalr t9 | t9 ();
0x00403028 nop |
0x0040302c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403030 sb zero, 0x133(fp) | *(arg_133h) = 0;
0x00403034 addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00403038 move a0, t8 | a0 = t8;
0x0040303c lw t8, -0x7e80(gp) | t8 = sym.imp.__xpg_basename;
0x00403040 move t9, t8 | t9 = t8;
0x00403044 jalr t9 | t9 ();
0x00403048 nop |
0x0040304c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403050 sw v0, 0x30(fp) | *(arg_30h) = v0;
0x00403054 lw t8, -0x7e6c(gp) | t8 = *((gp - 8091));
0x00403058 lw t8, (t8) | t8 = *(t8);
0x0040305c move a0, t8 | a0 = t8;
0x00403060 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.cgi_name__s_n */
0x00403064 addiu a1, t8, 0x1fa0 | a1 = t8 + 0x1fa0;
0x00403068 lw a2, 0x30(fp) | a2 = *(arg_30h);
0x0040306c lw t8, -0x7ea4(gp) | t8 = sym.imp.fprintf
0x00403070 move t9, t8 | t9 = t8;
0x00403074 jalr t9 | t9 ();
0x00403078 nop |
0x0040307c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403080 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00403084 move a0, t8 | a0 = t8;
0x00403088 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.cgi_name:_s */
0x0040308c addiu a1, t8, 0x1fb0 | a1 = t8 + 0x1fb0;
0x00403090 lw a2, 0x30(fp) | a2 = *(arg_30h);
0x00403094 lw t8, -0x7e9c(gp) | t8 = sym.imp.dbg_log_char_const__..._;
0x00403098 move t9, t8 | t9 = t8;
0x0040309c jalr t9 | t9 ();
0x004030a0 nop |
0x004030a4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004030a8 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x004030ac move a0, t8 | a0 = t8;
0x004030b0 lw t8, -0x7e48(gp) | t8 = *((gp - 8082));
0x004030b4 move t9, t8 | t9 = t8;
0x004030b8 jalr t9 | t9 ();
0x004030bc nop |
0x004030c0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004030c4 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x004030c8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.info.cgi */
0x004030cc addiu a1, t8, 0x1fbc | a1 = t8 + 0x1fbc;
0x004030d0 lw t8, -0x7ec4(gp) | t8 = sym.imp.strcmp;
0x004030d4 move t9, t8 | t9 = t8;
0x004030d8 jalr t9 | t9 ();
0x004030dc nop |
0x004030e0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004030e4 move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x004030e8 bnez t8, 0x40312c |
0x004030ec nop |
0x004030f0 addiu a0, zero, 0x60c | a0 = 0x60c;
0x004030f4 lw t8, -0x7e8c(gp) | t8 = sym.imp.operator_new_unsigned_int_;
0x004030f8 move t9, t8 | t9 = t8;
0x004030fc jalr t9 | t9 ();
0x00403100 nop |
0x00403104 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403108 move t8, v0 | t8 = v0;
0x0040310c move s0, t8 | s0 = t8;
0x00403110 move a0, s0 | a0 = s0;
0x00403114 lw t8, -0x7fd8(gp) | t8 = *(gp);
0x00403118 move t9, t8 | t9 = t8;
0x0040311c jalr t9 | t9 ();
0x00403120 nop |
0x00403124 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403128 sw s0, 0x2c(fp) | *(arg_2ch) = s0;
| }
0x0040312c lw t8, 0x2c(fp) | t8 = *(arg_2ch);
| if (t8 != 0) {
0x00403130 beqz t8, 0x4032c4 |
0x00403134 nop |
0x00403138 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.NIPC */
0x0040313c addiu a0, t8, 0x1fc8 | a0 = t8 + 0x1fc8;
0x00403140 addiu a1, zero, 9 | a1 = 9;
0x00403144 move a2, zero | a2 = 0;
0x00403148 lw t8, -0x7e28(gp) | t8 = sym.imp.openlog;
0x0040314c move t9, t8 | t9 = t8;
0x00403150 jalr t9 | t9 ();
0x00403154 nop |
0x00403158 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040315c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.REQUEST_METHOD */
0x00403160 addiu a0, t8, 0x1fd0 | a0 = t8 + 0x1fd0;
0x00403164 lw t8, -0x7e14(gp) | t8 = sym.imp.getenv;
0x00403168 move t9, t8 | t9 = t8;
0x0040316c jalr t9 | t9 ();
0x00403170 nop |
0x00403174 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403178 move s0, v0 | s0 = v0;
0x0040317c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.QUERY_STRING */
0x00403180 addiu a0, t8, 0x1fe0 | a0 = t8 + 0x1fe0;
0x00403184 lw t8, -0x7e14(gp) | t8 = sym.imp.getenv;
0x00403188 move t9, t8 | t9 = t8;
0x0040318c jalr t9 | t9 ();
0x00403190 nop |
0x00403194 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403198 move t8, v0 | t8 = v0;
0x0040319c sw t8, 0x10(sp) | *(var_10h) = t8;
0x004031a0 addiu a0, zero, 6 | a0 = 6;
0x004031a4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s:__s__s_n */
0x004031a8 addiu a1, t8, 0x1ff0 | a1 = t8 + 0x1ff0;
0x004031ac move a2, s0 | a2 = s0;
0x004031b0 lw a3, 0x30(fp) | a3 = *(arg_30h);
0x004031b4 lw t8, -0x7eb0(gp) | t8 = sym.imp.syslog;
0x004031b8 move t9, t8 | t9 = t8;
0x004031bc jalr t9 | t9 ();
0x004031c0 nop |
0x004031c4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004031c8 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x004031cc lw t8, (t8) | t8 = *(t8);
0x004031d0 addiu t8, t8, 8 | t8 += 8;
0x004031d4 lw t8, (t8) | t8 = *(t8);
0x004031d8 lw v0, 0x2c(fp) | v0 = *(arg_2ch);
0x004031dc move a0, v0 | a0 = v0;
0x004031e0 move t9, t8 | t9 = t8;
0x004031e4 jalr t9 | t9 ();
0x004031e8 nop |
0x004031ec lw gp, 0x18(fp) | gp = *(arg_18h);
0x004031f0 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x004031f4 move a0, t8 | a0 = t8;
0x004031f8 lw t8, -0x7e84(gp) | t8 = *(gp);
0x004031fc move t9, t8 | t9 = t8;
0x00403200 jalr t9 | t9 ();
0x00403204 nop |
0x00403208 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040320c move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x00403210 beqz t8, 0x40325c |
0x00403214 nop |
0x00403218 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x0040321c lw t8, (t8) | t8 = *(t8);
0x00403220 addiu t8, t8, 0xc | t8 += 0xc;
0x00403224 lw t8, (t8) | t8 = *(t8);
0x00403228 lw v0, 0x2c(fp) | v0 = *(arg_2ch);
0x0040322c move a0, v0 | a0 = v0;
0x00403230 move t9, t8 | t9 = t8;
0x00403234 jalr t9 | t9 ();
0x00403238 nop |
0x0040323c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403240 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00403244 move a0, t8 | a0 = t8;
0x00403248 lw t8, -0x7e58(gp) | t8 = *(gp);
0x0040324c move t9, t8 | t9 = t8;
0x00403250 jalr t9 | t9 ();
0x00403254 nop |
0x00403258 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x0040325c lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00403260 lw t8, (t8) | t8 = *(t8);
0x00403264 addiu t8, t8, 0x10 | t8 += 0x10;
0x00403268 lw t8, (t8) | t8 = *(t8);
0x0040326c lw a0, 0x2c(fp) | a0 = *(arg_2ch);
0x00403270 move t9, t8 | t9 = t8;
0x00403274 jalr t9 | t9 ();
0x00403278 nop |
0x0040327c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403280 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
| if (t8 != 0) {
0x00403284 beqz t8, 0x4032b0 |
0x00403288 nop |
0x0040328c lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00403290 lw t8, (t8) | t8 = *(t8);
0x00403294 addiu t8, t8, 4 | t8 += 4;
0x00403298 lw t8, (t8) | t8 = *(t8);
0x0040329c lw a0, 0x2c(fp) | a0 = *(arg_2ch);
0x004032a0 move t9, t8 | t9 = t8;
0x004032a4 jalr t9 | t9 ();
0x004032a8 nop |
0x004032ac lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x004032b0 lw t8, -0x7e90(gp) | t8 = sym.imp.closelog;
0x004032b4 move t9, t8 | t9 = t8;
0x004032b8 jalr t9 | t9 ();
0x004032bc nop |
0x004032c0 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x004032c4 move t8, zero | t8 = 0;
0x004032c8 move v0, t8 | v0 = t8;
0x004032cc lw t8, -0x7e10(gp) | t8 = *((gp - 8068));
0x004032d0 lw v1, 0x134(fp) | v1 = *(arg_134h);
0x004032d4 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x004032d8 beq v1, t8, 0x403330 |
0x004032dc nop |
0x004032e0 b 0x403320 | goto label_0;
0x004032e4 nop |
| label_0:
0x00403320 lw t8, -0x7e68(gp) | t8 = sym.imp.__stack_chk_fail;
0x00403324 move t9, t8 | t9 = t8;
0x00403328 jalr t9 | t9 ();
0x0040332c nop |
| }
0x00403330 move sp, fp |
0x00403334 lw ra, 0x144(sp) | ra = *(var_144h);
0x00403338 lw fp, 0x140(sp) | fp = *(var_140h);
0x0040333c lw s1, 0x13c(sp) | s1 = *(var_13ch);
0x00403340 lw s0, 0x138(sp) | s0 = *(var_138h);
0x00403344 addiu sp, sp, 0x148 |
0x00403348 jr ra | return v1;
0x0040334c nop |
| }
[*] Function fprintf used 2 times nipcabox
