[*] Binary protection state of console_secure
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of console_secure
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/console_secure @ 0x400fa0 */
| #include <stdint.h>
|
; (fcn) sym.get_md5sum_char_const__char__int_ () | void get_md5sum_char_const_char_int_ () {
| /* get_md5sum(char const*, char*, int) */
0x00400fa0 lui gp, 2 |
0x00400fa4 addiu gp, gp, -0x5f80 |
0x00400fa8 addu gp, gp, t9 | gp += t9;
0x00400fac addiu sp, sp, -0xa8 |
0x00400fb0 sw ra, 0xa4(sp) | *(var_a4h) = ra;
0x00400fb4 sw fp, 0xa0(sp) | *(var_a0h) = fp;
0x00400fb8 move fp, sp | fp = sp;
0x00400fbc sw gp, 0x10(sp) | *(var_10h) = gp;
0x00400fc0 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00400fc4 sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00400fc8 sw a2, 0x1c(fp) | *(arg_1ch) = a2;
0x00400fcc lw t8, -0x7f38(gp) | t8 = *((gp - 8142));
0x00400fd0 lw t8, (t8) | t8 = *(t8);
0x00400fd4 sw t8, 0x9c(fp) | *(arg_9ch) = t8;
0x00400fd8 sw zero, 0x8c(fp) | *(arg_8ch) = 0;
0x00400fdc sw zero, 0x90(fp) | *(arg_90h) = 0;
0x00400fe0 sw zero, 0x94(fp) | *(arg_94h) = 0;
0x00400fe4 sw zero, 0x98(fp) | *(arg_98h) = 0;
0x00400fe8 addiu t8, fp, 0x30 | t8 = fp + 0x30;
0x00400fec move a0, t8 | a0 = t8;
0x00400ff0 lw t8, -0x7f48(gp) | t8 = sym.imp.MD5_Init;
0x00400ff4 move t9, t8 | t9 = t8;
0x00400ff8 jalr t9 | t9 ();
0x00400ffc nop |
0x00401000 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401004 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00401008 lw t8, -0x7f58(gp) | t8 = sym.imp.strlen;
0x0040100c move t9, t8 | t9 = t8;
0x00401010 jalr t9 | t9 ();
0x00401014 nop |
0x00401018 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040101c move t8, v0 | t8 = v0;
0x00401020 addiu v0, fp, 0x30 | v0 = fp + 0x30;
0x00401024 move a0, v0 | a0 = v0;
0x00401028 lw a1, 0x24(fp) | a1 = *(arg_24h);
0x0040102c move a2, t8 | a2 = t8;
0x00401030 lw t8, -0x7f88(gp) | t8 = sym.imp.MD5_Update;
0x00401034 move t9, t8 | t9 = t8;
0x00401038 jalr t9 | t9 ();
0x0040103c nop |
0x00401040 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401044 addiu v0, fp, 0x8c | v0 = fp + 0x8c;
0x00401048 addiu t8, fp, 0x30 | t8 = fp + 0x30;
0x0040104c move a0, v0 | a0 = v0;
0x00401050 move a1, t8 | a1 = t8;
0x00401054 lw t8, -0x7f50(gp) | t8 = sym.imp.MD5_Final;
0x00401058 move t9, t8 | t9 = t8;
0x0040105c jalr t9 | t9 ();
0x00401060 nop |
0x00401064 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401068 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x0040106c lw a0, 0x20(fp) | a0 = *(arg_20h);
0x00401070 move a1, zero | a1 = 0;
0x00401074 move a2, t8 | a2 = t8;
0x00401078 lw t8, -0x7f8c(gp) | t8 = sym.imp.memset;
0x0040107c move t9, t8 | t9 = t8;
0x00401080 jalr t9 | t9 ();
0x00401084 nop |
0x00401088 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040108c sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x00401090 b 0x4010e8 | goto label_0;
0x00401094 nop |
| do {
0x00401098 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x0040109c sll t8, t8, 1 | t8 <<= 1;
0x004010a0 lw v0, 0x20(fp) | v0 = *(arg_20h);
0x004010a4 addu v0, v0, t8 | v0 += t8;
0x004010a8 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x004010ac addiu v1, fp, 0xa0 | v1 = fp + 0xa0;
0x004010b0 addu t8, v1, t8 | t8 = v1 + t8;
0x004010b4 lbu t8, -0x14(t8) | t8 = *((t8 - 20));
0x004010b8 move a0, v0 | a0 = v0;
0x004010bc lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str._02x */
0x004010c0 addiu a1, v0, 0x2030 | a1 = v0 + 0x2030;
0x004010c4 move a2, t8 | a2 = t8;
0x004010c8 lw t8, -0x7f98(gp) | t8 = sym.imp.sprintf
0x004010cc move t9, t8 | t9 = t8;
0x004010d0 jalr t9 | t9 ();
0x004010d4 nop |
0x004010d8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004010dc lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x004010e0 addiu t8, t8, 1 | t8++;
0x004010e4 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
| label_0:
0x004010e8 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x004010ec slti t8, t8, 0x10 | t8 = (t8 < 0x10) ? 1 : 0;
0x004010f0 bnez t8, 0x401098 |
| } while (t8 != 0);
0x004010f4 nop |
0x004010f8 lw t8, -0x7f38(gp) | t8 = *((gp - 8142));
0x004010fc lw v0, 0x9c(fp) | v0 = *(arg_9ch);
0x00401100 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x00401104 beq v0, t8, 0x40111c |
0x00401108 nop |
0x0040110c lw t8, -0x7f80(gp) | t8 = sym.imp.__stack_chk_fail;
0x00401110 move t9, t8 | t9 = t8;
0x00401114 jalr t9 | t9 ();
0x00401118 nop |
| }
0x0040111c move sp, fp |
0x00401120 lw ra, 0xa4(sp) | ra = *(var_a4h);
0x00401124 lw fp, 0xa0(sp) | fp = *(var_a0h);
0x00401128 addiu sp, sp, 0xa8 |
0x0040112c jr ra | return v0;
0x00401130 nop |
| }
[*] Function sprintf used 2 times console_secure
