[*] Binary protection state of urlDecode
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of urlDecode
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/urlDecode @ 0x400f50 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
0x00400f50 lui gp, 2 |
0x00400f54 addiu gp, gp, -0x6f40 |
0x00400f58 addu gp, gp, t9 | gp += t9;
0x00400f5c addiu sp, sp, -0xc30 |
0x00400f60 sw ra, 0xc2c(sp) | *(var_c2ch) = ra;
0x00400f64 sw fp, 0xc28(sp) | *(var_c28h) = fp;
0x00400f68 move fp, sp | fp = sp;
0x00400f6c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00400f70 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00400f74 sw a1, 0x18(fp) | *(arg_18h) = a1;
0x00400f78 lw t8, -0x7fb8(gp) | t8 = *((gp - 8174));
0x00400f7c lw t8, (t8) | t8 = *(t8);
0x00400f80 sw t8, 0xc24(fp) | *(arg_c24h) = t8;
0x00400f84 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x00400f88 lw t8, 4(t8) | t8 = *((t8 + 1));
0x00400f8c sw t8, 0x20(fp) | *(arg_20h) = t8;
0x00400f90 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x00400f94 addiu t8, zero, 2 | t8 = 2;
| if (v0 == t8) {
0x00400f98 bne v0, t8, 0x400fac |
0x00400f9c nop |
0x00400fa0 lw t8, 0x20(fp) | t8 = *(arg_20h);
| if (t8 != 0) {
0x00400fa4 bnez t8, 0x400fb8 | goto label_0;
| }
0x00400fa8 nop |
| }
0x00400fac move t8, zero | t8 = 0;
0x00400fb0 b 0x4010b0 | goto label_1;
0x00400fb4 nop |
| label_0:
0x00400fb8 b 0x40109c | goto label_2;
0x00400fbc nop |
| do {
0x00400fc0 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00400fc4 move a0, t8 | a0 = t8;
0x00400fc8 lw a1, 0x20(fp) | a1 = *(arg_20h);
0x00400fcc addiu a2, zero, 0x26 | a2 = 0x26;
0x00400fd0 lw t8, -0x7fd8(gp) | t8 = sym.getword_char__char__char_;
0x00400fd4 move t9, t8 | t9 = t8;
0x00400fd8 jalr t9 | t9 ();
0x00400fdc nop |
0x00400fe0 lw gp, 0x10(fp) | gp = *(envp);
0x00400fe4 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00400fe8 move a0, t8 | a0 = t8;
0x00400fec lw t8, -0x7fd4(gp) | t8 = sym.plustospace_char_;
0x00400ff0 move t9, t8 | t9 = t8;
0x00400ff4 jalr t9 | t9 ();
0x00400ff8 nop |
0x00400ffc lw gp, 0x10(fp) | gp = *(envp);
0x00401000 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00401004 move a0, t8 | a0 = t8;
0x00401008 lw t8, -0x7fd0(gp) | t8 = sym.unescape_url_char_;
0x0040100c move t9, t8 | t9 = t8;
0x00401010 jalr t9 | t9 ();
0x00401014 nop |
0x00401018 lw gp, 0x10(fp) | gp = *(envp);
0x0040101c addiu v0, fp, 0x424 | v0 = fp + 0x424;
0x00401020 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00401024 move a0, v0 | a0 = v0;
0x00401028 move a1, t8 | a1 = t8;
0x0040102c addiu a2, zero, 0x3d | a2 = 0x3d;
0x00401030 lw t8, -0x7fd8(gp) | t8 = sym.getword_char__char__char_;
0x00401034 move t9, t8 | t9 = t8;
0x00401038 jalr t9 | t9 ();
0x0040103c nop |
0x00401040 lw gp, 0x10(fp) | gp = *(envp);
0x00401044 addiu t8, zero, 0x3ff | t8 = 0x3ff;
0x00401048 addiu v1, fp, 0x24 | v1 = fp + 0x24;
0x0040104c addiu v0, fp, 0x824 | v0 = fp + 0x824;
0x00401050 move a0, v1 | a0 = v1;
0x00401054 move a1, v0 | a1 = v0;
0x00401058 move a2, t8 | a2 = t8;
0x0040105c lw t8, -0x7fcc(gp) | t8 = sym.bashEncode_char__char__int_;
0x00401060 move t9, t8 | t9 = t8;
0x00401064 jalr t9 | t9 ();
0x00401068 nop |
0x0040106c lw gp, 0x10(fp) | gp = *(envp);
0x00401070 addiu v0, fp, 0x424 | v0 = fp + 0x424;
0x00401074 addiu t8, fp, 0x824 | t8 = fp + 0x824;
0x00401078 lw v1, -0x7fc8(gp) | v1 = *(gp);
| /* str._s__s__n */
0x0040107c addiu a0, v1, 0x11c0 | a0 = v1 + 0x11c0;
0x00401080 move a1, v0 | a1 = v0;
0x00401084 move a2, t8 | a2 = t8;
0x00401088 lw t8, -0x7fc4(gp) | t8 = sym.imp.printf
0x0040108c move t9, t8 | t9 = t8;
0x00401090 jalr t9 | t9 ();
0x00401094 nop |
0x00401098 lw gp, 0x10(fp) | gp = *(envp);
| label_2:
0x0040109c lw t8, 0x20(fp) | t8 = *(arg_20h);
0x004010a0 lb t8, (t8) | t8 = *(t8);
0x004010a4 bnez t8, 0x400fc0 |
| } while (t8 != 0);
0x004010a8 nop |
0x004010ac move t8, zero | t8 = 0;
| label_1:
0x004010b0 move v0, t8 | v0 = t8;
0x004010b4 lw t8, -0x7fb8(gp) | t8 = *((gp - 8174));
0x004010b8 lw v1, 0xc24(fp) | v1 = *(arg_c24h);
0x004010bc lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x004010c0 beq v1, t8, 0x4010d8 |
0x004010c4 nop |
0x004010c8 lw t8, -0x7fc0(gp) | t8 = sym.imp.__stack_chk_fail;
0x004010cc move t9, t8 | t9 = t8;
0x004010d0 jalr t9 | t9 ();
0x004010d4 nop |
| }
0x004010d8 move sp, fp |
0x004010dc lw ra, 0xc2c(sp) | ra = *(var_c2ch);
0x004010e0 lw fp, 0xc28(sp) | fp = *(var_c28h);
0x004010e4 addiu sp, sp, 0xc30 |
0x004010e8 jr ra | return v1;
0x004010ec nop |
| }
[*] Function printf used 2 times urlDecode
