[*] Binary protection state of ble_advertise
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function popen tear down of ble_advertise
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/ble_advertise @ 0x403188 */
| #include <stdint.h>
|
; ---------------------------------------------------------------------------
; generic_run_cmd(char*) -- MIPS, PIC calls through gp/t9 (left: disassembly, right: r2dec).
; Passes the string in a0 to popen(), reads the stream with fgets() in 0x40-byte
; chunks into a stack buffer at fp+0x2c, accumulates the chunks in a heap string
; (strdup for the first chunk, strcat for later ones), calls pclose() and returns
; the heap pointer in v0. Returns 0 when the argument is NULL or popen() fails.
; Stack slots: 0x1c(fp)=cmd, 0x24(fp)=result, 0x28(fp)=stream, 0x2c..0x6b(fp)=chunk
; buffer, 0x6c(fp)=stack canary copy. The "nop" after each branch/jalr is the delay slot.
; NOTE(review): the result comes from strdup(), so the caller presumably has to free it -- confirm at call sites.
; NOTE(review): two findings are marked below -- the unvalidated command string at popen()
; and a heap overflow at strcat(). The protection summary above this listing reports
; "NX disabled" and "No PIE", so memory-corruption bugs in this binary face fewer mitigations.
; ---------------------------------------------------------------------------
; (fcn) sym.generic_run_cmd_char_ () | void generic_run_cmd_char_ () {
| /* generic_run_cmd(char*) */
; PIC prologue: rebuild gp from t9 (the function's own address), then open a 0x78-byte frame.
0x00403188 lui gp, 2 |
0x0040318c addiu gp, gp, -0x5168 |
0x00403190 addu gp, gp, t9 | gp += t9;
0x00403194 addiu sp, sp, -0x78 |
0x00403198 sw ra, 0x74(sp) | *(var_74h) = ra;
0x0040319c sw fp, 0x70(sp) | *(var_70h) = fp;
0x004031a0 move fp, sp | fp = sp;
0x004031a4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x004031a8 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
; Stack protector: load the guard value through the GOT slot at gp-0x7ec8 and park it at 0x6c(fp),
; directly above the 0x40-byte chunk buffer (fp+0x2c .. fp+0x6b).
0x004031ac lw t8, -0x7ec8(gp) | t8 = *((gp - 8114));
0x004031b0 lw t8, (t8) | t8 = *(t8);
0x004031b4 sw t8, 0x6c(fp) | *(arg_6ch) = t8;
; memset(fp+0x2c, 0, 0x40): clear the chunk buffer.
0x004031b8 addiu v0, fp, 0x2c | v0 = fp + 0x2c;
0x004031bc addiu t8, zero, 0x40 | t8 = 0x40;
0x004031c0 move a0, v0 | a0 = v0;
0x004031c4 move a1, zero | a1 = 0;
0x004031c8 move a2, t8 | a2 = t8;
0x004031cc lw t8, -0x7f34(gp) | t8 = sym.imp.memset;
0x004031d0 move t9, t8 | t9 = t8;
0x004031d4 jalr t9 | t9 ();
0x004031d8 nop |
0x004031dc lw gp, 0x10(fp) | gp = *(arg_10h);
; result = NULL; stream = NULL.
0x004031e0 sw zero, 0x24(fp) | *(arg_24h) = 0;
0x004031e4 sw zero, 0x28(fp) | *(arg_28h) = 0;
; Guard: a NULL command pointer returns 0 through label_0.
0x004031e8 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
| if (t8 == 0) {
0x004031ec bnez t8, 0x403200 |
0x004031f0 nop |
0x004031f4 move t8, zero | t8 = 0;
0x004031f8 b 0x4032f4 | goto label_0;
0x004031fc nop |
| }
; popen(cmd, mode): a0 is the caller's string, unchanged; a1 points to a constant at
; *(gp-0x7fdc)+0x4f1c whose bytes are not shown here (presumably "r", since the stream is
; read with fgets below -- confirm).
; NOTE(review): popen() runs its argument through the shell and this function does no
; validation or quoting, so every caller that builds the string from data it does not fully
; control is a command-injection risk. Audit the call sites; prefer fixed argv with
; fork/exec, or strict allow-listing of any interpolated value.
0x00403200 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x00403204 lw t8, -0x7fdc(gp) | t8 = *(gp);
0x00403208 addiu a1, t8, 0x4f1c | a1 = t8 + 0x4f1c;
0x0040320c lw t8, -0x7f74(gp) | t8 = sym.imp.popen
0x00403210 move t9, t8 | t9 = t8;
0x00403214 jalr t9 | t9 ();
0x00403218 nop |
0x0040321c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403220 move t8, v0 | t8 = v0;
0x00403224 sw t8, 0x28(fp) | *(arg_28h) = t8;
; popen() failure (NULL stream) returns 0 through label_0.
0x00403228 lw t8, 0x28(fp) | t8 = *(arg_28h);
| if (t8 == 0) {
0x0040322c bnez t8, 0x403240 |
0x00403230 nop |
0x00403234 move t8, zero | t8 = 0;
0x00403238 b 0x4032f4 | goto label_0;
0x0040323c nop |
| }
; Enter the read loop at its condition (the fgets call at label_1).
0x00403240 b 0x4032a0 | goto label_1;
0x00403244 nop |
| do {
; Loop body: first chunk (result == NULL) is duplicated, later chunks are appended.
0x00403248 lw t8, 0x24(fp) | t8 = *(arg_24h);
| if (t8 == 0) {
0x0040324c bnez t8, 0x403280 |
0x00403250 nop |
; result = strdup(chunk): the allocation is sized to this chunk only (at most 0x3f chars + NUL).
; The return value is stored without a NULL check; on failure the slot stays 0 and the
; next chunk takes this branch again.
0x00403254 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00403258 move a0, t8 | a0 = t8;
0x0040325c lw t8, -0x7f78(gp) | t8 = sym.imp.strdup;
0x00403260 move t9, t8 | t9 = t8;
0x00403264 jalr t9 | t9 ();
0x00403268 nop |
0x0040326c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403270 move t8, v0 | t8 = v0;
0x00403274 sw t8, 0x24(fp) | *(arg_24h) = t8;
0x00403278 b 0x4032a0 | goto label_1;
0x0040327c nop |
| }
; strcat(result, chunk).
; NOTE(review): heap buffer overflow. The destination is the strdup() allocation, which has
; no spare capacity, and nothing between strdup and here grows it. Any output beyond the
; first fgets chunk (a second line, or a line longer than 0x3f bytes) is written past the
; end of the heap block. Fix in source: track length and realloc() before appending, or
; read into a growable buffer.
0x00403280 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00403284 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00403288 move a1, t8 | a1 = t8;
0x0040328c lw t8, -0x7edc(gp) | t8 = sym.imp.strcat;
0x00403290 move t9, t8 | t9 = t8;
0x00403294 jalr t9 | t9 ();
0x00403298 nop |
0x0040329c lw gp, 0x10(fp) | gp = *(arg_10h);
| label_1:
; fgets(chunk, 0x40, stream): the size matches the 0x40 bytes cleared by memset, so the
; stack buffer itself is not overrun by this read.
0x004032a0 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x004032a4 move a0, t8 | a0 = t8;
0x004032a8 addiu a1, zero, 0x40 | a1 = 0x40;
0x004032ac lw a2, 0x28(fp) | a2 = *(arg_28h);
0x004032b0 lw t8, -0x7f28(gp) | t8 = sym.imp.fgets;
0x004032b4 move t9, t8 | t9 = t8;
0x004032b8 jalr t9 | t9 ();
0x004032bc nop |
0x004032c0 lw gp, 0x10(fp) | gp = *(arg_10h);
; Turn the fgets return pointer into 0/1 and loop while it is non-NULL.
0x004032c4 move t8, v0 | t8 = v0;
0x004032c8 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x004032cc andi t8, t8, 0xff | t8 &= 0xff;
0x004032d0 bnez t8, 0x403248 |
| } while (t8 != 0);
0x004032d4 nop |
; pclose(stream): v0 is not read afterwards, so the command's exit status is discarded.
0x004032d8 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x004032dc lw t8, -0x7f04(gp) | t8 = sym.imp.pclose;
0x004032e0 move t9, t8 | t9 = t8;
0x004032e4 jalr t9 | t9 ();
0x004032e8 nop |
0x004032ec lw gp, 0x10(fp) | gp = *(arg_10h);
0x004032f0 lw t8, 0x24(fp) | t8 = *(arg_24h);
| label_0:
; Common exit: v0 = return value (accumulated string, or 0 from the early-outs above).
0x004032f4 move v0, t8 | v0 = t8;
; Stack protector check: compare the saved copy at 0x6c(fp) with the live guard value;
; a mismatch calls __stack_chk_fail.
0x004032f8 lw t8, -0x7ec8(gp) | t8 = *((gp - 8114));
0x004032fc lw v1, 0x6c(fp) | v1 = *(arg_6ch);
0x00403300 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00403304 beq v1, t8, 0x40331c |
0x00403308 nop |
0x0040330c lw t8, -0x7f0c(gp) | t8 = sym.imp.__stack_chk_fail;
0x00403310 move t9, t8 | t9 = t8;
0x00403314 jalr t9 | t9 ();
0x00403318 nop |
| }
; Epilogue: restore ra/fp and release the frame.
; The "return v1" in the pseudo-code column is a decompiler artifact: v1 only holds the
; canary copy; the value handed back to the caller is v0, set at 0x004032f4.
0x0040331c move sp, fp |
0x00403320 lw ra, 0x74(sp) | ra = *(var_74h);
0x00403324 lw fp, 0x70(sp) | fp = *(var_70h);
0x00403328 addiu sp, sp, 0x78 |
0x0040332c jr ra | return v1;
0x00403330 nop |
| }
[*] Function popen used 2 times ble_advertise