[*] Binary protection state of hciconfig
No RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of hciconfig
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/bluetooth/bin/hciconfig @ 0x400f10 */
| #include <stdint.h>
|
; (fcn) fcn.00400f10 () | void fcn_00400f10 () {
0x00400f10 lui t9, 0x41 | t9 = 0x410000;
0x00400f14 j 0x41659c | goto label_0;
0x00400f18 addiu t9, t9, 0x659c | t9 += 0x659c;
| label_0:
0x0041659c lui gp, 3 |
0x004165a0 addiu gp, gp, -0x98c |
0x004165a4 addu gp, gp, t9 | gp += t9;
0x004165a8 addiu sp, sp, -0x28 |
0x004165ac sw ra, 0x24(sp) | *(var_24h) = ra;
0x004165b0 sw fp, 0x20(sp) | *(var_20h) = fp;
0x004165b4 move fp, sp | fp = sp;
0x004165b8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x004165bc sw a0, 0x28(fp) | *(arg_28h) = a0;
0x004165c0 addiu a0, zero, 0x32 | a0 = 0x32;
0x004165c4 lw t8, -0x7fdc(gp) | t8 = sym.bt_malloc;
0x004165c8 move t9, t8 | t9 = t8;
0x004165cc jalr t9 | t9 ();
0x004165d0 nop |
0x004165d4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004165d8 sw v0, 0x18(fp) | *(arg_18h) = v0;
0x004165dc lw t8, 0x18(fp) | t8 = *(arg_18h);
| if (t8 == 0) {
0x004165e0 bnez t8, 0x4165f4 |
0x004165e4 nop |
0x004165e8 move t8, zero | t8 = 0;
0x004165ec b 0x4166cc | goto label_1;
0x004165f0 nop |
| }
0x004165f4 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x004165f8 sb zero, (t8) | *(t8) = 0;
0x004165fc lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00416600 andi t8, t8, 1 | t8 &= 1;
| if (t8 == 0) {
0x00416604 bnez t8, 0x41663c |
0x00416608 nop |
0x0041660c lw t8, 0x18(fp) | t8 = *(arg_18h);
0x00416610 lw v0, -0x7fc8(gp) | v0 = *((gp - 8178));
0x00416614 lw v1, -0x6188(v0) | v1 = *((v0 - 6242));
0x00416618 swl v1, 3(t8) | __asm ("swl v1, 3(t8)");
0x0041661c swr v1, (t8) | __asm ("swr v1, (t8)");
| /* str.SLAVE_ */
0x00416620 addiu v0, v0, -0x6188 | v0 += -0x6188;
0x00416624 lbu v1, 4(v0) | v1 = *((v0 + 4));
0x00416628 sb v1, 4(t8) | *((t8 + 4)) = v1;
0x0041662c lbu v1, 5(v0) | v1 = *((v0 + 5));
0x00416630 sb v1, 5(t8) | *((t8 + 5)) = v1;
0x00416634 lbu v0, 6(v0) | v0 = *((v0 + 6));
0x00416638 sb v0, 6(t8) | *((t8 + 6)) = v0;
| }
0x0041663c lw t8, -0x7fbc(gp) | t8 = *((gp - 8175));
| /* esilref: 'NONE' */
0x00416640 addiu a0, t8, -0x2e28 | a0 = t8 + -0x2e28;
0x00416644 lw a1, 0x28(fp) | a1 = *(arg_28h);
0x00416648 lw t8, -0x7fc4(gp) | t8 = *((gp - 8177));
0x0041664c addiu t8, t8, 0x5ad8 | t8 += 0x5ad8;
0x00416650 move t9, t8 | t9 = t8;
0x00416654 jalr t9 | t9 ();
0x00416658 nop |
0x0041665c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00416660 sw v0, 0x1c(fp) | *(arg_1ch) = v0;
0x00416664 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
| if (t8 == 0) {
0x00416668 bnez t8, 0x416694 |
0x0041666c nop |
0x00416670 lw a0, 0x18(fp) | a0 = *(arg_18h);
0x00416674 lw t8, -0x7fb8(gp) | t8 = sym.bt_free;
0x00416678 move t9, t8 | t9 = t8;
0x0041667c jalr t9 | t9 ();
0x00416680 nop |
0x00416684 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00416688 move t8, zero | t8 = 0;
0x0041668c b 0x4166cc | goto label_1;
0x00416690 nop |
| }
0x00416694 lw a0, 0x18(fp) | a0 = *(arg_18h);
0x00416698 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x0041669c lw t8, -0x7f40(gp) | t8 = sym.imp.strcat
0x004166a0 move t9, t8 | t9 = t8;
0x004166a4 jalr t9 | t9 ();
0x004166a8 nop |
0x004166ac lw gp, 0x10(fp) | gp = *(arg_10h);
0x004166b0 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x004166b4 lw t8, -0x7f1c(gp) | t8 = *((gp - 8135));
0x004166b8 move t9, t8 | t9 = t8;
0x004166bc jalr t9 | t9 ();
0x004166c0 nop |
0x004166c4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004166c8 lw t8, 0x18(fp) | t8 = *(arg_18h);
| label_1:
0x004166cc move v0, t8 | v0 = t8;
0x004166d0 move sp, fp |
0x004166d4 lw ra, 0x24(sp) | ra = *(var_24h);
0x004166d8 lw fp, 0x20(sp) | fp = *(var_20h);
0x004166dc addiu sp, sp, 0x28 |
0x004166e0 jr ra | return v0;
0x004166e4 nop |
| }
[*] Function strcat used 2 times hciconfig
