[*] Binary protection state of dbd
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of dbd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/dbd @ 0x404a98 */
| #include <stdint.h>
|
; (fcn) sym.cp_dbfile_char_const_ () | void cp_dbfile_char_const_ () {
| /* cp_dbfile(char const*) */
0x00404a98 lui gp, 2 |
0x00404a9c addiu gp, gp, -0x3a68 |
0x00404aa0 addu gp, gp, t9 | gp += t9;
0x00404aa4 addiu sp, sp, -0x78 |
0x00404aa8 sw ra, 0x74(sp) | *(var_74h) = ra;
0x00404aac sw fp, 0x70(sp) | *(var_70h) = fp;
0x00404ab0 sw s0, 0x6c(sp) | *(var_6ch) = s0;
0x00404ab4 move fp, sp | fp = sp;
0x00404ab8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00404abc sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00404ac0 lw t8, -0x7e74(gp) | t8 = *((gp - 8093));
0x00404ac4 lw t8, (t8) | t8 = *(t8);
0x00404ac8 sw t8, 0x64(fp) | *(arg_64h) = t8;
0x00404acc lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x00404ad0 move a1, zero | a1 = 0;
0x00404ad4 lw t8, -0x7ed0(gp) | t8 = sym.imp.access;
0x00404ad8 move t9, t8 | t9 = t8;
0x00404adc jalr t9 | t9 ();
0x00404ae0 nop |
0x00404ae4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404ae8 move t8, v0 | t8 = v0;
0x00404aec addiu t8, t8, 1 | t8++;
0x00404af0 sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x00404af4 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00404af8 beqz t8, 0x404b0c |
0x00404afc nop |
0x00404b00 addiu t8, zero, -1 | t8 = -1;
0x00404b04 b 0x404d30 | goto label_0;
0x00404b08 nop |
| }
0x00404b0c addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404b10 move a0, t8 | a0 = t8;
0x00404b14 move a1, zero | a1 = 0;
0x00404b18 addiu a2, zero, 0x40 | a2 = 0x40;
0x00404b1c lw t8, -0x7f14(gp) | t8 = sym.imp.memset;
0x00404b20 move t9, t8 | t9 = t8;
0x00404b24 jalr t9 | t9 ();
0x00404b28 nop |
0x00404b2c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404b30 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404b34 lui v0, 0x2d20 | v0 = 0x2d207063;
0x00404b38 ori v0, v0, 0x7063 |
0x00404b3c sw v0, (t8) | *(t8) = v0;
0x00404b40 addiu v0, zero, 0x2066 | v0 = 0x2066;
0x00404b44 sh v0, 4(t8) | *((t8 + 4)) = v0;
0x00404b48 sb zero, 6(t8) | *((t8 + 6)) = 0;
0x00404b4c addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404b50 move a0, t8 | a0 = t8;
0x00404b54 lw t8, -0x7eb4(gp) | t8 = sym.imp.strlen;
0x00404b58 move t9, t8 | t9 = t8;
0x00404b5c jalr t9 | t9 ();
0x00404b60 nop |
0x00404b64 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404b68 move t8, v0 | t8 = v0;
0x00404b6c addiu v0, fp, 0x24 | v0 = fp + 0x24;
0x00404b70 addu t8, v0, t8 | t8 = v0 + t8;
0x00404b74 addiu v0, zero, 0x27 | v0 = 0x27;
0x00404b78 sb v0, (t8) | *(t8) = v0;
0x00404b7c sb zero, 1(t8) | *((t8 + 1)) = 0;
0x00404b80 addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00404b84 move a0, t8 | a0 = t8;
0x00404b88 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x00404b8c lw t8, -0x7f9c(gp) | t8 = sym.strongEncode_char_const_;
0x00404b90 move t9, t8 | t9 = t8;
0x00404b94 jalr t9 | t9 ();
0x00404b98 nop |
0x00404b9c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404ba0 addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00404ba4 move a0, t8 | a0 = t8;
0x00404ba8 lw t8, -0x7e88(gp) | t8 = *(gp);
0x00404bac move t9, t8 | t9 = t8;
0x00404bb0 jalr t9 | t9 ();
0x00404bb4 nop |
0x00404bb8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404bbc move t8, v0 | t8 = v0;
0x00404bc0 addiu v0, fp, 0x24 | v0 = fp + 0x24;
0x00404bc4 move a0, v0 | a0 = v0;
0x00404bc8 move a1, t8 | a1 = t8;
0x00404bcc lw t8, -0x7e98(gp) | t8 = sym.imp.strcat
0x00404bd0 move t9, t8 | t9 = t8;
0x00404bd4 jalr t9 | t9 ();
0x00404bd8 nop |
0x00404bdc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404be0 addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00404be4 move a0, t8 | a0 = t8;
0x00404be8 lw t8, -0x7ec8(gp) | t8 = *(gp);
0x00404bec move t9, t8 | t9 = t8;
0x00404bf0 jalr t9 | t9 ();
0x00404bf4 nop |
0x00404bf8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404bfc addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404c00 move a0, t8 | a0 = t8;
0x00404c04 lw t8, -0x7eb4(gp) | t8 = sym.imp.strlen;
0x00404c08 move t9, t8 | t9 = t8;
0x00404c0c jalr t9 | t9 ();
0x00404c10 nop |
0x00404c14 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404c18 move t8, v0 | t8 = v0;
0x00404c1c addiu v0, fp, 0x24 | v0 = fp + 0x24;
0x00404c20 addu t8, v0, t8 | t8 = v0 + t8;
0x00404c24 addiu v0, zero, 0x27 | v0 = 0x27;
0x00404c28 sb v0, (t8) | *(t8) = v0;
0x00404c2c sb zero, 1(t8) | *((t8 + 1)) = 0;
0x00404c30 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404c34 move a0, t8 | a0 = t8;
0x00404c38 lw t8, -0x7eb4(gp) | t8 = sym.imp.strlen;
0x00404c3c move t9, t8 | t9 = t8;
0x00404c40 jalr t9 | t9 ();
0x00404c44 nop |
0x00404c48 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404c4c move t8, v0 | t8 = v0;
0x00404c50 addiu v0, fp, 0x24 | v0 = fp + 0x24;
0x00404c54 addu t8, v0, t8 | t8 = v0 + t8;
0x00404c58 addiu v0, zero, 0x20 | v0 = 0x20;
0x00404c5c sb v0, (t8) | *(t8) = v0;
0x00404c60 sb zero, 1(t8) | *((t8 + 1)) = 0;
0x00404c64 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404c68 move a0, t8 | a0 = t8;
0x00404c6c lw t8, -0x7eb4(gp) | t8 = sym.imp.strlen;
0x00404c70 move t9, t8 | t9 = t8;
0x00404c74 jalr t9 | t9 ();
0x00404c78 nop |
0x00404c7c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404c80 move t8, v0 | t8 = v0;
0x00404c84 addiu v0, fp, 0x24 | v0 = fp + 0x24;
0x00404c88 addu t8, v0, t8 | t8 = v0 + t8;
0x00404c8c lw v0, -0x7fdc(gp) | v0 = *(gp);
0x00404c90 lw a1, 0x7c08(v0) | a1 = *((v0 + 7938));
| /* str._tmp_db_db.xml */
0x00404c94 addiu v1, v0, 0x7c08 | v1 = v0 + 0x7c08;
0x00404c98 lw a0, 4(v1) | a0 = *((v1 + 1));
| /* str._tmp_db_db.xml */
0x00404c9c addiu v1, v0, 0x7c08 | v1 = v0 + 0x7c08;
0x00404ca0 lw v1, 8(v1) | v1 = *((v1 + 2));
0x00404ca4 swl a1, 3(t8) | __asm ("swl a1, 3(t8)");
0x00404ca8 swr a1, (t8) | __asm ("swr a1, (t8)");
0x00404cac swl a0, 7(t8) | __asm ("swl a0, 7(t8)");
0x00404cb0 swr a0, 4(t8) | __asm ("swr a0, 4(t8)");
0x00404cb4 swl v1, 0xb(t8) | __asm ("swl v1, 0xb(t8)");
0x00404cb8 swr v1, 8(t8) | __asm ("swr v1, 8(t8)");
| /* str._tmp_db_db.xml */
0x00404cbc addiu v0, v0, 0x7c08 | v0 += 0x7c08;
0x00404cc0 lbu v1, 0xc(v0) | v1 = *((v0 + 12));
0x00404cc4 sb v1, 0xc(t8) | *((t8 + 12)) = v1;
0x00404cc8 lbu v1, 0xd(v0) | v1 = *((v0 + 13));
0x00404ccc sb v1, 0xd(t8) | *((t8 + 13)) = v1;
0x00404cd0 lbu v0, 0xe(v0) | v0 = *((v0 + 14));
0x00404cd4 sb v0, 0xe(t8) | *((t8 + 14)) = v0;
0x00404cd8 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404cdc move a0, t8 | a0 = t8;
0x00404ce0 lw t8, -0x7e7c(gp) | t8 = sym.imp.system;
0x00404ce4 move t9, t8 | t9 = t8;
0x00404ce8 jalr t9 | t9 ();
0x00404cec nop |
0x00404cf0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404cf4 move t8, v0 | t8 = v0;
0x00404cf8 addiu t8, t8, 1 | t8++;
0x00404cfc sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x00404d00 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00404d04 beqz t8, 0x404d18 |
0x00404d08 nop |
0x00404d0c addiu t8, zero, -1 | t8 = -1;
0x00404d10 b 0x404d30 | goto label_0;
0x00404d14 nop |
| }
0x00404d18 lw t8, -0x7fa0(gp) | t8 = sym.XMLFlush__;
0x00404d1c move t9, t8 | t9 = t8;
0x00404d20 jalr t9 | t9 ();
0x00404d24 nop |
0x00404d28 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404d2c move t8, zero | t8 = 0;
| label_0:
0x00404d30 move v0, t8 | v0 = t8;
0x00404d34 lw t8, -0x7e74(gp) | t8 = *((gp - 8093));
0x00404d38 lw v1, 0x64(fp) | v1 = *(arg_64h);
0x00404d3c lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00404d40 beq v1, t8, 0x404d9c |
0x00404d44 nop |
0x00404d48 b 0x404d8c | goto label_1;
0x00404d4c nop |
| label_1:
0x00404d8c lw t8, -0x7ee4(gp) | t8 = sym.imp.__stack_chk_fail;
0x00404d90 move t9, t8 | t9 = t8;
0x00404d94 jalr t9 | t9 ();
0x00404d98 nop |
| }
0x00404d9c move sp, fp |
0x00404da0 lw ra, 0x74(sp) | ra = *(var_74h);
0x00404da4 lw fp, 0x70(sp) | fp = *(var_70h);
0x00404da8 lw s0, 0x6c(sp) | s0 = *(var_6ch);
0x00404dac addiu sp, sp, 0x78 |
0x00404db0 jr ra | return v1;
0x00404db4 nop |
| }
[*] Function strcat used 2 times dbd
