[*] Binary protection state of dbd
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of dbd
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/dbd @ 0x402a60 */
| #include <stdint.h>
|
; (fcn) sym.xml_get_mxml_node_s__char_const_____32___char__char_ () | void xml_get_mxml_node_s_char_const_32_char_char_ () {
| /* xml_get(mxml_node_s*, char const (*) [32], char, char*) */
0x00402a60 lui gp, 2 |
0x00402a64 addiu gp, gp, -0x1a30 |
0x00402a68 addu gp, gp, t9 | gp += t9;
0x00402a6c addiu sp, sp, -0x60 |
0x00402a70 sw ra, 0x5c(sp) | *(var_5ch) = ra;
0x00402a74 sw fp, 0x58(sp) | *(var_58h) = fp;
0x00402a78 sw s1, 0x54(sp) | *(var_54h) = s1;
0x00402a7c sw s0, 0x50(sp) | *(var_50h) = s0;
0x00402a80 move fp, sp | fp = sp;
0x00402a84 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00402a88 sw a0, 0x34(fp) | *(arg_34h) = a0;
0x00402a8c sw a1, 0x30(fp) | *(arg_30h) = a1;
0x00402a90 move t8, a2 | t8 = a2;
0x00402a94 sw a3, 0x28(fp) | *(arg_28h) = a3;
0x00402a98 sb t8, 0x2c(fp) | *(arg_2ch) = t8;
0x00402a9c lw t8, -0x7e74(gp) | t8 = *((gp - 8093));
0x00402aa0 lw t8, (t8) | t8 = *(t8);
0x00402aa4 sw t8, 0x4c(fp) | *(arg_4ch) = t8;
0x00402aa8 sw zero, 0x3c(fp) | *(arg_3ch) = 0;
0x00402aac sw zero, 0x40(fp) | *(arg_40h) = 0;
0x00402ab0 sw zero, 0x48(fp) | *(arg_48h) = 0;
0x00402ab4 lw t8, 0x34(fp) | t8 = *(arg_34h);
| if (t8 != 0) {
0x00402ab8 beqz t8, 0x402af4 |
0x00402abc nop |
0x00402ac0 lw t8, 0x30(fp) | t8 = *(arg_30h);
| if (t8 == 0) {
0x00402ac4 beqz t8, 0x402af4 | goto label_0;
| }
0x00402ac8 nop |
0x00402acc lb t8, 0x2c(fp) | t8 = *(arg_2ch);
| if (t8 <= 0) {
0x00402ad0 blez t8, 0x402af4 | goto label_0;
| }
0x00402ad4 nop |
0x00402ad8 lb t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00402adc slti t8, t8, 0xb | t8 = (t8 < 0xb) ? 1 : 0;
| if (t8 == 0) {
0x00402ae0 beqz t8, 0x402af4 | goto label_0;
| }
0x00402ae4 nop |
0x00402ae8 lw t8, 0x28(fp) | t8 = *(arg_28h);
| if (t8 != 0) {
0x00402aec bnez t8, 0x402b60 | goto label_1;
| }
0x00402af0 nop |
| }
| label_0:
0x00402af4 lw t8, -0x7ee8(gp) | t8 = *((gp - 8122));
0x00402af8 lw s0, (t8) | s0 = *(t8);
0x00402afc lw t8, -0x7e70(gp) | t8 = sym.imp.__errno_location;
0x00402b00 move t9, t8 | t9 = t8;
0x00402b04 jalr t9 | t9 ();
0x00402b08 nop |
0x00402b0c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00402b10 move t8, v0 | t8 = v0;
0x00402b14 lw t8, (t8) | t8 = *(t8);
0x00402b18 addiu v0, zero, 0xea | v0 = 0xea;
0x00402b1c sw v0, 0x10(sp) | *(var_10h) = v0;
0x00402b20 sw t8, 0x14(sp) | *(var_14h) = t8;
0x00402b24 move a0, s0 | a0 = s0;
0x00402b28 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str._s___s____L_d:_Invalid_para__errno___d_n */
0x00402b2c addiu a1, t8, 0x77f8 | a1 = t8 + 0x77f8;
0x00402b30 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.dbd.cpp */
0x00402b34 addiu a2, t8, 0x7824 | a2 = t8 + 0x7824;
0x00402b38 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.xml_get */
0x00402b3c addiu a3, t8, 0x7f14 | a3 = t8 + 0x7f14;
0x00402b40 lw t8, -0x7f1c(gp) | t8 = sym.imp.fprintf;
0x00402b44 move t9, t8 | t9 = t8;
0x00402b48 jalr t9 | t9 ();
0x00402b4c nop |
0x00402b50 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00402b54 addiu t8, zero, -7 | t8 = -7;
0x00402b58 b 0x402d2c | goto label_2;
0x00402b5c nop |
| label_1:
0x00402b60 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x00402b64 move a1, zero | a1 = 0;
0x00402b68 addiu a2, zero, 0xe00 | a2 = 0xe00;
0x00402b6c lw t8, -0x7f14(gp) | t8 = sym.imp.memset;
0x00402b70 move t9, t8 | t9 = t8;
0x00402b74 jalr t9 | t9 ();
0x00402b78 nop |
0x00402b7c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00402b80 lw t8, 0x34(fp) | t8 = *(arg_34h);
0x00402b84 sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402b88 sw zero, 0x44(fp) | *(arg_44h) = 0;
0x00402b8c b 0x402ca8 | goto label_3;
0x00402b90 nop |
| do {
0x00402b94 lb t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00402b98 addiu v0, t8, -2 | v0 = t8 + -2;
0x00402b9c lw t8, 0x44(fp) | t8 = *(arg_44h);
| if (v0 == t8) {
0x00402ba0 bne v0, t8, 0x402bc8 |
0x00402ba4 nop |
0x00402ba8 lb v0, 0x2c(fp) | v0 = *(arg_2ch);
0x00402bac lui t8, 0x7ff | t8 = 0x7ffffff;
0x00402bb0 ori t8, t8, 0xffff |
0x00402bb4 addu t8, v0, t8 | t8 = v0 + t8;
0x00402bb8 sll t8, t8, 5 | t8 <<= 5;
0x00402bbc lw v0, 0x30(fp) | v0 = *(arg_30h);
0x00402bc0 addu t8, v0, t8 | t8 = v0 + t8;
0x00402bc4 sw t8, 0x40(fp) | *(arg_40h) = t8;
| }
0x00402bc8 lw t8, 0x44(fp) | t8 = *(arg_44h);
0x00402bcc sll t8, t8, 5 | t8 <<= 5;
0x00402bd0 lw v0, 0x30(fp) | v0 = *(arg_30h);
0x00402bd4 addu t8, v0, t8 | t8 = v0 + t8;
0x00402bd8 sw zero, 0x10(sp) | *(var_10h) = 0;
0x00402bdc addiu v0, zero, 1 | v0 = 1;
0x00402be0 sw v0, 0x14(sp) | *(var_14h) = v0;
0x00402be4 lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x00402be8 lw a1, 0x3c(fp) | a1 = *(arg_3ch);
0x00402bec move a2, t8 | a2 = t8;
0x00402bf0 lw a3, 0x40(fp) | a3 = *(arg_40h);
0x00402bf4 lw t8, -0x7ea8(gp) | t8 = sym.imp.mxmlFindElement;
0x00402bf8 move t9, t8 | t9 = t8;
0x00402bfc jalr t9 | t9 ();
0x00402c00 nop |
0x00402c04 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00402c08 move t8, v0 | t8 = v0;
0x00402c0c sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402c10 lw t8, 0x3c(fp) | t8 = *(arg_3ch);
| if (t8 == 0) {
0x00402c14 bnez t8, 0x402c9c |
0x00402c18 nop |
0x00402c1c lw t8, -0x7ee8(gp) | t8 = *((gp - 8122));
0x00402c20 lw s0, (t8) | s0 = *(t8);
0x00402c24 lw t8, 0x44(fp) | t8 = *(arg_44h);
0x00402c28 sll t8, t8, 5 | t8 <<= 5;
0x00402c2c lw v0, 0x30(fp) | v0 = *(arg_30h);
0x00402c30 addu s1, v0, t8 | s1 = v0 + t8;
0x00402c34 lw t8, -0x7e70(gp) | t8 = sym.imp.__errno_location;
0x00402c38 move t9, t8 | t9 = t8;
0x00402c3c jalr t9 | t9 ();
0x00402c40 nop |
0x00402c44 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00402c48 move t8, v0 | t8 = v0;
0x00402c4c lw t8, (t8) | t8 = *(t8);
0x00402c50 addiu v0, zero, 0xf6 | v0 = 0xf6;
0x00402c54 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00402c58 sw s1, 0x14(sp) | *(var_14h) = s1;
0x00402c5c sw t8, 0x18(sp) | *(var_18h) = t8;
0x00402c60 move a0, s0 | a0 = s0;
0x00402c64 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str._s___s____L_d:_Cant_find_subnode:__s__errno___d_n */
0x00402c68 addiu a1, t8, 0x7878 | a1 = t8 + 0x7878;
0x00402c6c lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.dbd.cpp */
0x00402c70 addiu a2, t8, 0x7824 | a2 = t8 + 0x7824;
0x00402c74 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.xml_get */
0x00402c78 addiu a3, t8, 0x7f14 | a3 = t8 + 0x7f14;
0x00402c7c lw t8, -0x7f1c(gp) | t8 = sym.imp.fprintf;
0x00402c80 move t9, t8 | t9 = t8;
0x00402c84 jalr t9 | t9 ();
0x00402c88 nop |
0x00402c8c lw gp, 0x20(fp) | gp = *(arg_20h);
0x00402c90 addiu t8, zero, -0xb | t8 = -0xb;
0x00402c94 b 0x402d2c | goto label_2;
0x00402c98 nop |
| }
0x00402c9c lw t8, 0x44(fp) | t8 = *(arg_44h);
0x00402ca0 addiu t8, t8, 1 | t8++;
0x00402ca4 sw t8, 0x44(fp) | *(arg_44h) = t8;
| label_3:
0x00402ca8 lb t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00402cac addiu v0, t8, -1 | v0 = t8 + -1;
0x00402cb0 lw t8, 0x44(fp) | t8 = *(arg_44h);
0x00402cb4 slt t8, t8, v0 | t8 = (t8 < v0) ? 1 : 0;
0x00402cb8 bnez t8, 0x402b94 |
| } while (t8 != 0);
0x00402cbc nop |
0x00402cc0 lb v0, 0x2c(fp) | v0 = *(arg_2ch);
0x00402cc4 lui t8, 0x7ff | t8 = 0x7ffffff;
0x00402cc8 ori t8, t8, 0xffff |
0x00402ccc addu t8, v0, t8 | t8 = v0 + t8;
0x00402cd0 sll t8, t8, 5 | t8 <<= 5;
0x00402cd4 lw v0, 0x30(fp) | v0 = *(arg_30h);
0x00402cd8 addu t8, v0, t8 | t8 = v0 + t8;
0x00402cdc lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x00402ce0 move a1, t8 | a1 = t8;
0x00402ce4 lw t8, -0x7ed8(gp) | t8 = sym.imp.mxmlElementGetAttr;
0x00402ce8 move t9, t8 | t9 = t8;
0x00402cec jalr t9 | t9 ();
0x00402cf0 nop |
0x00402cf4 lw gp, 0x20(fp) | gp = *(arg_20h);
0x00402cf8 move t8, v0 | t8 = v0;
0x00402cfc sw t8, 0x48(fp) | *(arg_48h) = t8;
0x00402d00 lw t8, 0x48(fp) | t8 = *(arg_48h);
| if (t8 != 0) {
0x00402d04 beqz t8, 0x402d28 |
0x00402d08 nop |
0x00402d0c lw a0, 0x28(fp) | a0 = *(arg_28h);
0x00402d10 lw a1, 0x48(fp) | a1 = *(arg_48h);
0x00402d14 lw t8, -0x7f58(gp) | t8 = sym.imp.strcpy
0x00402d18 move t9, t8 | t9 = t8;
0x00402d1c jalr t9 | t9 ();
0x00402d20 nop |
0x00402d24 lw gp, 0x20(fp) | gp = *(arg_20h);
| }
0x00402d28 move t8, zero | t8 = 0;
| label_2:
0x00402d2c move v0, t8 | v0 = t8;
0x00402d30 lw t8, -0x7e74(gp) | t8 = *((gp - 8093));
0x00402d34 lw v1, 0x4c(fp) | v1 = *(arg_4ch);
0x00402d38 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00402d3c beq v1, t8, 0x402d54 |
0x00402d40 nop |
0x00402d44 lw t8, -0x7ee4(gp) | t8 = sym.imp.__stack_chk_fail;
0x00402d48 move t9, t8 | t9 = t8;
0x00402d4c jalr t9 | t9 ();
0x00402d50 nop |
| }
0x00402d54 move sp, fp |
0x00402d58 lw ra, 0x5c(sp) | ra = *(var_5ch);
0x00402d5c lw fp, 0x58(sp) | fp = *(var_58h);
0x00402d60 lw s1, 0x54(sp) | s1 = *(var_54h);
0x00402d64 lw s0, 0x50(sp) | s0 = *(var_50h);
0x00402d68 addiu sp, sp, 0x60 |
0x00402d6c jr ra | return v1;
0x00402d70 nop |
| }
[*] Function strcpy used 2 times dbd
