[*] Binary protection state of hcitool
No RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcat tear down of hcitool
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/bluetooth/bin/hcitool @ 0x400f10 */
| #include <stdint.h>
|
; (fcn) fcn.00400f10 () | void fcn_00400f10 () {
0x00400f10 lui t9, 0x41 | t9 = 0x410000;
0x00400f14 j 0x40f84c | goto label_0;
0x00400f18 addiu t9, t9, -0x7b4 | t9 += -0x7b4;
| label_0:
0x0040f84c lui gp, 2 |
0x0040f850 addiu gp, gp, 0x7ec4 |
0x0040f854 addu gp, gp, t9 | gp += t9;
0x0040f858 addiu sp, sp, -0x28 |
0x0040f85c sw ra, 0x24(sp) | *(var_24h) = ra;
0x0040f860 sw fp, 0x20(sp) | *(var_20h) = fp;
0x0040f864 move fp, sp | fp = sp;
0x0040f868 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040f86c sw a0, 0x28(fp) | *(arg_28h) = a0;
0x0040f870 addiu a0, zero, 0x32 | a0 = 0x32;
0x0040f874 lw t8, -0x7fdc(gp) | t8 = sym.bt_malloc;
0x0040f878 move t9, t8 | t9 = t8;
0x0040f87c jalr t9 | t9 ();
0x0040f880 nop |
0x0040f884 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040f888 sw v0, 0x18(fp) | *(arg_18h) = v0;
0x0040f88c lw t8, 0x18(fp) | t8 = *(arg_18h);
| if (t8 == 0) {
0x0040f890 bnez t8, 0x40f8a4 |
0x0040f894 nop |
0x0040f898 move t8, zero | t8 = 0;
0x0040f89c b 0x40f97c | goto label_1;
0x0040f8a0 nop |
| }
0x0040f8a4 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x0040f8a8 sb zero, (t8) | *(t8) = 0;
0x0040f8ac lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040f8b0 andi t8, t8, 1 | t8 &= 1;
| if (t8 == 0) {
0x0040f8b4 bnez t8, 0x40f8ec |
0x0040f8b8 nop |
0x0040f8bc lw t8, 0x18(fp) | t8 = *(arg_18h);
0x0040f8c0 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
0x0040f8c4 lw v1, -0x39a8(v0) | v1 = *((v0 - 3690));
0x0040f8c8 swl v1, 3(t8) | __asm ("swl v1, 3(t8)");
0x0040f8cc swr v1, (t8) | __asm ("swr v1, (t8)");
| /* str.SLAVE_ */
0x0040f8d0 addiu v0, v0, -0x39a8 | v0 += -0x39a8;
0x0040f8d4 lbu v1, 4(v0) | v1 = *((v0 + 4));
0x0040f8d8 sb v1, 4(t8) | *((t8 + 4)) = v1;
0x0040f8dc lbu v1, 5(v0) | v1 = *((v0 + 5));
0x0040f8e0 sb v1, 5(t8) | *((t8 + 5)) = v1;
0x0040f8e4 lbu v0, 6(v0) | v0 = *((v0 + 6));
0x0040f8e8 sb v0, 6(t8) | *((t8 + 6)) = v0;
| }
0x0040f8ec lw t8, -0x7fc0(gp) | t8 = *((gp - 8176));
| /* esilref: 'NONE' */
0x0040f8f0 addiu a0, t8, -0x1328 | a0 = t8 + -0x1328;
0x0040f8f4 lw a1, 0x28(fp) | a1 = *(arg_28h);
0x0040f8f8 lw t8, -0x7fc8(gp) | t8 = *((gp - 8178));
| /* fcn.0040ed88 */
0x0040f8fc addiu t8, t8, -0x1278 | t8 += -0x1278;
0x0040f900 move t9, t8 | t9 = t8;
0x0040f904 jalr t9 | t9 ();
0x0040f908 nop |
0x0040f90c lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040f910 sw v0, 0x1c(fp) | *(arg_1ch) = v0;
0x0040f914 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
| if (t8 == 0) {
0x0040f918 bnez t8, 0x40f944 |
0x0040f91c nop |
0x0040f920 lw a0, 0x18(fp) | a0 = *(arg_18h);
0x0040f924 lw t8, -0x7fbc(gp) | t8 = sym.bt_free;
0x0040f928 move t9, t8 | t9 = t8;
0x0040f92c jalr t9 | t9 ();
0x0040f930 nop |
0x0040f934 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040f938 move t8, zero | t8 = 0;
0x0040f93c b 0x40f97c | goto label_1;
0x0040f940 nop |
| }
0x0040f944 lw a0, 0x18(fp) | a0 = *(arg_18h);
0x0040f948 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x0040f94c lw t8, -0x7f44(gp) | t8 = sym.imp.strcat
0x0040f950 move t9, t8 | t9 = t8;
0x0040f954 jalr t9 | t9 ();
0x0040f958 nop |
0x0040f95c lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040f960 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x0040f964 lw t8, -0x7f20(gp) | t8 = *((gp - 8136));
0x0040f968 move t9, t8 | t9 = t8;
0x0040f96c jalr t9 | t9 ();
0x0040f970 nop |
0x0040f974 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040f978 lw t8, 0x18(fp) | t8 = *(arg_18h);
| label_1:
0x0040f97c move v0, t8 | v0 = t8;
0x0040f980 move sp, fp |
0x0040f984 lw ra, 0x24(sp) | ra = *(var_24h);
0x0040f988 lw fp, 0x20(sp) | fp = *(var_20h);
0x0040f98c addiu sp, sp, 0x28 |
0x0040f990 jr ra | return v0;
0x0040f994 nop |
| }
[*] Function strcat used 2 times hcitool
