[*] Binary protection state of certificate
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of certificate
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/certificate @ 0x401d70 */
| #include <stdint.h>
|
; (fcn) sym.readPemFromDb_char__unsigned_int__char__char_ () | void readPemFromDb_char_unsigned_int_char_char_ () {
| /* readPemFromDb(char*, unsigned int, char*, char*) */
0x00401d70 lui gp, 2 |
0x00401d74 addiu gp, gp, -0x4d40 |
0x00401d78 addu gp, gp, t9 | gp += t9;
0x00401d7c addiu sp, sp, -0x1068 |
0x00401d80 sw ra, 0x1064(sp) | *(var_1064h) = ra;
0x00401d84 sw fp, 0x1060(sp) | *(var_1060h) = fp;
0x00401d88 sw s1, 0x105c(sp) | *(var_105ch) = s1;
0x00401d8c sw s0, 0x1058(sp) | *(var_1058h) = s0;
0x00401d90 move fp, sp | fp = sp;
0x00401d94 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00401d98 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00401d9c sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00401da0 sw a2, 0x1c(fp) | *(arg_1ch) = a2;
0x00401da4 sw a3, 0x18(fp) | *(arg_18h) = a3;
0x00401da8 lw t8, -0x7ee8(gp) | t8 = *((gp - 8122));
0x00401dac lw t8, (t8) | t8 = *(t8);
0x00401db0 sw t8, 0x1054(fp) | *(arg_1054h) = t8;
0x00401db4 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x00401db8 move a0, t8 | a0 = t8;
0x00401dbc lw t8, -0x7fdc(gp) | t8 = *(gp);
0x00401dc0 move t9, t8 | t9 = t8;
0x00401dc4 jalr t9 | t9 ();
0x00401dc8 nop |
0x00401dcc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401dd0 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x00401dd4 move a0, t8 | a0 = t8;
0x00401dd8 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x00401ddc move a2, zero | a2 = 0;
0x00401de0 lw t8, -0x7f78(gp) | t8 = *(gp);
0x00401de4 move t9, t8 | t9 = t8;
0x00401de8 jalr t9 | t9 ();
0x00401dec nop |
0x00401df0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401df4 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00401df8 move a0, t8 | a0 = t8;
0x00401dfc lw t8, -0x7f88(gp) | t8 = *(gp);
0x00401e00 move t9, t8 | t9 = t8;
0x00401e04 jalr t9 | t9 ();
0x00401e08 nop |
0x00401e0c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401e10 addiu v0, fp, 0x30 | v0 = fp + 0x30;
0x00401e14 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00401e18 move a0, v0 | a0 = v0;
0x00401e1c lw a1, 0x18(fp) | a1 = *(arg_18h);
0x00401e20 move a2, t8 | a2 = t8;
0x00401e24 lw t8, -0x7f40(gp) | t8 = *(gp);
0x00401e28 move t9, t8 | t9 = t8;
0x00401e2c jalr t9 | t9 ();
0x00401e30 nop |
0x00401e34 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401e38 addiu v1, fp, 0x2c | v1 = fp + 0x2c;
0x00401e3c addiu v0, fp, 0x3c | v0 = fp + 0x3c;
0x00401e40 addiu t8, fp, 0x30 | t8 = fp + 0x30;
0x00401e44 move a0, v1 | a0 = v1;
0x00401e48 move a1, v0 | a1 = v0;
0x00401e4c move a2, t8 | a2 = t8;
0x00401e50 lw t8, -0x7f0c(gp) | t8 = *(gp);
0x00401e54 move t9, t8 | t9 = t8;
0x00401e58 jalr t9 | t9 ();
0x00401e5c nop |
0x00401e60 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401e64 addiu t8, fp, 0x30 | t8 = fp + 0x30;
0x00401e68 move a0, t8 | a0 = t8;
0x00401e6c lw t8, -0x7f28(gp) | t8 = *(gp);
0x00401e70 move t9, t8 | t9 = t8;
0x00401e74 jalr t9 | t9 ();
0x00401e78 nop |
0x00401e7c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401e80 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00401e84 move a0, t8 | a0 = t8;
0x00401e88 lw t8, -0x7f60(gp) | t8 = *(gp);
0x00401e8c move t9, t8 | t9 = t8;
0x00401e90 jalr t9 | t9 ();
0x00401e94 nop |
0x00401e98 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401e9c addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401ea0 move a0, t8 | a0 = t8;
0x00401ea4 lw t8, -0x7f10(gp) | t8 = *(gp);
0x00401ea8 move t9, t8 | t9 = t8;
0x00401eac jalr t9 | t9 ();
0x00401eb0 nop |
0x00401eb4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401eb8 move t8, v0 | t8 = v0;
0x00401ebc sw t8, 0x34(fp) | *(arg_34h) = t8;
0x00401ec0 lw v0, 0x34(fp) | v0 = *(arg_34h);
0x00401ec4 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00401ec8 sltu t8, v0, t8 | t8 = (v0 < t8) ? 1 : 0;
| if (t8 == 0) {
0x00401ecc bnez t8, 0x401ee0 |
0x00401ed0 nop |
0x00401ed4 addiu s0, zero, -1 | s0 = -1;
0x00401ed8 b 0x401f20 | goto label_0;
0x00401edc nop |
| }
0x00401ee0 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401ee4 move a0, t8 | a0 = t8;
0x00401ee8 lw t8, -0x7ef4(gp) | t8 = *(gp);
0x00401eec move t9, t8 | t9 = t8;
0x00401ef0 jalr t9 | t9 ();
0x00401ef4 nop |
0x00401ef8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401efc move t8, v0 | t8 = v0;
0x00401f00 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00401f04 move a1, t8 | a1 = t8;
0x00401f08 lw t8, -0x7f90(gp) | t8 = sym.imp.strcpy
0x00401f0c move t9, t8 | t9 = t8;
0x00401f10 jalr t9 | t9 ();
0x00401f14 nop |
0x00401f18 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401f1c lw s0, 0x34(fp) | s0 = *(arg_34h);
| label_0:
0x00401f20 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401f24 move a0, t8 | a0 = t8;
0x00401f28 lw t8, -0x7f28(gp) | t8 = *(gp);
0x00401f2c move t9, t8 | t9 = t8;
0x00401f30 jalr t9 | t9 ();
0x00401f34 nop |
0x00401f38 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401f3c addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x00401f40 move a0, t8 | a0 = t8;
0x00401f44 lw t8, -0x7f58(gp) | t8 = sym.imp.TinyDB::TinyDB__;
0x00401f48 move t9, t8 | t9 = t8;
0x00401f4c jalr t9 | t9 ();
0x00401f50 nop |
0x00401f54 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401f58 move t8, s0 | t8 = s0;
0x00401f5c move v0, t8 | v0 = t8;
0x00401f60 lw t8, -0x7ee8(gp) | t8 = *((gp - 8122));
0x00401f64 lw v1, 0x1054(fp) | v1 = *(arg_1054h);
0x00401f68 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00401f6c beq v1, t8, 0x402180 |
0x00401f70 nop |
0x00401f74 b 0x402170 | goto label_1;
0x00401f78 nop |
| label_1:
0x00402170 lw t8, -0x7f34(gp) | t8 = sym.imp.__stack_chk_fail;
0x00402174 move t9, t8 | t9 = t8;
0x00402178 jalr t9 | t9 ();
0x0040217c nop |
| }
0x00402180 move sp, fp |
0x00402184 lw ra, 0x1064(sp) | ra = *(var_1064h);
0x00402188 lw fp, 0x1060(sp) | fp = *(var_1060h);
0x0040218c lw s1, 0x105c(sp) | s1 = *(var_105ch);
0x00402190 lw s0, 0x1058(sp) | s0 = *(var_1058h);
0x00402194 addiu sp, sp, 0x1068 |
0x00402198 jr ra | return v1;
0x0040219c nop |
| }
[*] Function strcpy used 2 times certificate
