[*] Binary protection state of wifi-tool
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function popen tear down of wifi-tool
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/wifi-tool @ 0x40d8bc */
| #include <stdint.h>
|
; (fcn) sym.dhcpOK_char_ () | void dhcpOK_char_ () {
| /* dhcpOK(char*) */
0x0040d8bc lui gp, 2 |
0x0040d8c0 addiu gp, gp, -0x387c |
0x0040d8c4 addu gp, gp, t9 | gp += t9;
0x0040d8c8 addiu sp, sp, -0x830 |
0x0040d8cc sw ra, 0x82c(sp) | *(var_82ch) = ra;
0x0040d8d0 sw fp, 0x828(sp) | *(var_828h) = fp;
0x0040d8d4 move fp, sp | fp = sp;
0x0040d8d8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040d8dc sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x0040d8e0 lw t8, -0x7d04(gp) | t8 = *((gp - 8001));
0x0040d8e4 lw t8, (t8) | t8 = *(t8);
0x0040d8e8 sw t8, 0x824(fp) | *(arg_824h) = t8;
0x0040d8ec lw t8, -0x7eb4(gp) | t8 = *(gp);
0x0040d8f0 lw t8, (t8) | t8 = *(t8);
| if (t8 != 0) {
0x0040d8f4 beqz t8, 0x40da18 |
0x0040d8f8 nop |
0x0040d8fc addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x0040d900 move a0, t8 | a0 = t8;
0x0040d904 lw t8, -0x7fd8(gp) | t8 = *((gp - 8182));
| /* str.ifconfig__s */
0x0040d908 addiu a1, t8, -0x3f0 | a1 = t8 + -0x3f0;
0x0040d90c lw a2, 0x1c(fp) | a2 = *(arg_1ch);
0x0040d910 lw t8, -0x7e14(gp) | t8 = sym.imp.sprintf;
0x0040d914 move t9, t8 | t9 = t8;
0x0040d918 jalr t9 | t9 ();
0x0040d91c nop |
0x0040d920 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040d924 addiu t8, fp, 0x424 | t8 = fp + 0x424;
0x0040d928 move a0, t8 | a0 = t8;
0x0040d92c move a1, zero | a1 = 0;
0x0040d930 addiu a2, zero, 0x400 | a2 = 0x400;
0x0040d934 lw t8, -0x7df8(gp) | t8 = sym.imp.memset;
0x0040d938 move t9, t8 | t9 = t8;
0x0040d93c jalr t9 | t9 ();
0x0040d940 nop |
0x0040d944 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040d948 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x0040d94c move a0, t8 | a0 = t8;
0x0040d950 lw t8, -0x7fd8(gp) | t8 = *((gp - 8182));
0x0040d954 addiu a1, t8, -0x3e4 | a1 = t8 + -0x3e4;
0x0040d958 lw t8, -0x7e68(gp) | t8 = sym.imp.popen
0x0040d95c move t9, t8 | t9 = t8;
0x0040d960 jalr t9 | t9 ();
0x0040d964 nop |
0x0040d968 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040d96c move t8, v0 | t8 = v0;
0x0040d970 sw t8, 0x20(fp) | *(arg_20h) = t8;
0x0040d974 addiu t8, fp, 0x424 | t8 = fp + 0x424;
0x0040d978 move a0, t8 | a0 = t8;
0x0040d97c addiu a1, zero, 1 | a1 = 1;
0x0040d980 addiu a2, zero, 0x400 | a2 = 0x400;
0x0040d984 lw a3, 0x20(fp) | a3 = *(arg_20h);
0x0040d988 lw t8, -0x7d9c(gp) | t8 = sym.imp.fread;
0x0040d98c move t9, t8 | t9 = t8;
0x0040d990 jalr t9 | t9 ();
0x0040d994 nop |
0x0040d998 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040d99c lw a0, 0x20(fp) | a0 = *(arg_20h);
0x0040d9a0 lw t8, -0x7d98(gp) | t8 = sym.imp.fclose;
0x0040d9a4 move t9, t8 | t9 = t8;
0x0040d9a8 jalr t9 | t9 ();
0x0040d9ac nop |
0x0040d9b0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040d9b4 addiu t8, fp, 0x424 | t8 = fp + 0x424;
0x0040d9b8 move a0, t8 | a0 = t8;
0x0040d9bc lw t8, -0x7fd8(gp) | t8 = *((gp - 8182));
| /* str.inet_addr: */
0x0040d9c0 addiu a1, t8, -0x3e0 | a1 = t8 + -0x3e0;
0x0040d9c4 lw t8, -0x7e3c(gp) | t8 = sym.imp.strstr;
0x0040d9c8 move t9, t8 | t9 = t8;
0x0040d9cc jalr t9 | t9 ();
0x0040d9d0 nop |
0x0040d9d4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040d9d8 move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x0040d9dc beqz t8, 0x40d9f0 |
0x0040d9e0 nop |
0x0040d9e4 addiu t8, zero, 1 | t8 = 1;
0x0040d9e8 b 0x40da1c | goto label_0;
0x0040d9ec nop |
| }
0x0040d9f0 lw t8, -0x7fd8(gp) | t8 = *((gp - 8182));
| /* str.rm__f__tmp_dhcptemp.log */
0x0040d9f4 addiu a0, t8, -0x3d4 | a0 = t8 + -0x3d4;
0x0040d9f8 lw t8, -0x7d10(gp) | t8 = sym.imp.system;
0x0040d9fc move t9, t8 | t9 = t8;
0x0040da00 jalr t9 | t9 ();
0x0040da04 nop |
0x0040da08 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040da0c move t8, zero | t8 = 0;
0x0040da10 b 0x40da1c | goto label_0;
0x0040da14 nop |
| }
0x0040da18 addiu t8, zero, 1 | t8 = 1;
| label_0:
0x0040da1c move v0, t8 | v0 = t8;
0x0040da20 lw t8, -0x7d04(gp) | t8 = *((gp - 8001));
0x0040da24 lw v1, 0x824(fp) | v1 = *(arg_824h);
0x0040da28 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x0040da2c beq v1, t8, 0x40da44 |
0x0040da30 nop |
0x0040da34 lw t8, -0x7da8(gp) | t8 = sym.imp.__stack_chk_fail;
0x0040da38 move t9, t8 | t9 = t8;
0x0040da3c jalr t9 | t9 ();
0x0040da40 nop |
| }
0x0040da44 move sp, fp |
0x0040da48 lw ra, 0x82c(sp) | ra = *(var_82ch);
0x0040da4c lw fp, 0x828(sp) | fp = *(var_828h);
0x0040da50 addiu sp, sp, 0x830 |
0x0040da54 jr ra | return v1;
0x0040da58 nop |
| }
[*] Function popen used 2 times wifi-tool
