[*] Binary protection state of discovery
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of discovery
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/discovery @ 0x40c30c */
| #include <stdint.h>
|
; (fcn) method.Listener.setUUID__ () | void method_Listener_setUUID_ () {
| /* Listener::setUUID() */
0x0040c30c lui gp, 4 |
0x0040c310 addiu gp, gp, -0x629c |
0x0040c314 addu gp, gp, t9 | gp += t9;
0x0040c318 addiu sp, sp, -0x70 |
0x0040c31c sw ra, 0x6c(sp) | *(var_6ch) = ra;
0x0040c320 sw fp, 0x68(sp) | *(var_68h) = fp;
0x0040c324 move fp, sp | fp = sp;
0x0040c328 sw gp, 0x28(sp) | *(var_28h) = gp;
0x0040c32c sw a0, 0x34(fp) | *(arg_34h) = a0;
0x0040c330 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x0040c334 lw t8, (t8) | t8 = *(t8);
0x0040c338 sw t8, 0x64(fp) | *(arg_64h) = t8;
0x0040c33c lw t8, 0x34(fp) | t8 = *(arg_34h);
0x0040c340 addiu t8, t8, 0x23c | t8 += 0x23c;
0x0040c344 move a0, t8 | a0 = t8;
0x0040c348 lw t8, -0x7ca4(gp) | t8 = *(gp);
0x0040c34c move t9, t8 | t9 = t8;
0x0040c350 jalr t9 | t9 ();
0x0040c354 nop |
0x0040c358 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c35c move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x0040c360 beqz t8, 0x40c370 |
0x0040c364 nop |
0x0040c368 b 0x40c5a0 | goto label_0;
0x0040c36c nop |
| }
0x0040c370 addiu a0, zero, 2 | a0 = 2;
0x0040c374 addiu a1, zero, 2 | a1 = 2;
0x0040c378 move a2, zero | a2 = 0;
0x0040c37c lw t8, -0x7d48(gp) | t8 = sym.imp.socket;
0x0040c380 move t9, t8 | t9 = t8;
0x0040c384 jalr t9 | t9 ();
0x0040c388 nop |
0x0040c38c lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c390 sw v0, 0x38(fp) | *(arg_38h) = v0;
0x0040c394 lw t8, 0x38(fp) | t8 = *(arg_38h);
| if (t8 < 0) {
0x0040c398 bgez t8, 0x40c3c4 |
0x0040c39c nop |
0x0040c3a0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.socket */
0x0040c3a4 addiu a0, t8, 0x6c88 | a0 = t8 + 0x6c88;
0x0040c3a8 lw t8, -0x7d18(gp) | t8 = sym.imp.perror;
0x0040c3ac move t9, t8 | t9 = t8;
0x0040c3b0 jalr t9 | t9 ();
0x0040c3b4 nop |
0x0040c3b8 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c3bc b 0x40c5a0 | goto label_0;
0x0040c3c0 nop |
| }
0x0040c3c4 lw t8, 0x34(fp) | t8 = *(arg_34h);
0x0040c3c8 addiu t8, t8, 0x23c | t8 += 0x23c;
0x0040c3cc move a0, t8 | a0 = t8;
0x0040c3d0 lw t8, -0x7c20(gp) | t8 = *(gp);
0x0040c3d4 move t9, t8 | t9 = t8;
0x0040c3d8 jalr t9 | t9 ();
0x0040c3dc nop |
0x0040c3e0 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c3e4 move t8, v0 | t8 = v0;
0x0040c3e8 addiu v0, fp, 0x44 | v0 = fp + 0x44;
0x0040c3ec move a0, v0 | a0 = v0;
0x0040c3f0 move a1, t8 | a1 = t8;
0x0040c3f4 lw t8, -0x7dbc(gp) | t8 = sym.imp.strcpy
0x0040c3f8 move t9, t8 | t9 = t8;
0x0040c3fc jalr t9 | t9 ();
0x0040c400 nop |
0x0040c404 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c408 move t8, zero | t8 = 0;
0x0040c40c sb t8, 0x56(fp) | *(arg_56h) = t8;
0x0040c410 addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x0040c414 lw a0, 0x38(fp) | a0 = *(arg_38h);
0x0040c418 ori a1, zero, 0x8927 | a1 = 0x8927;
0x0040c41c move a2, t8 | a2 = t8;
0x0040c420 lw t8, -0x7c5c(gp) | t8 = sym.imp.ioctl;
0x0040c424 move t9, t8 | t9 = t8;
0x0040c428 jalr t9 | t9 ();
0x0040c42c nop |
0x0040c430 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c434 move t8, v0 | t8 = v0;
0x0040c438 srl t8, t8, 0x1f | t8 >>= 0x1f;
0x0040c43c andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x0040c440 beqz t8, 0x40c46c |
0x0040c444 nop |
0x0040c448 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.ioctl */
0x0040c44c addiu a0, t8, 0x6c90 | a0 = t8 + 0x6c90;
0x0040c450 lw t8, -0x7d18(gp) | t8 = sym.imp.perror;
0x0040c454 move t9, t8 | t9 = t8;
0x0040c458 jalr t9 | t9 ();
0x0040c45c nop |
0x0040c460 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c464 b 0x40c5a0 | goto label_0;
0x0040c468 nop |
| }
0x0040c46c addiu t8, zero, 0x40 | t8 = 0x40;
0x0040c470 move a0, t8 | a0 = t8;
0x0040c474 lw t8, -0x7c4c(gp) | t8 = sym.imp.malloc;
0x0040c478 move t9, t8 | t9 = t8;
0x0040c47c jalr t9 | t9 ();
0x0040c480 nop |
0x0040c484 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c488 move t8, v0 | t8 = v0;
0x0040c48c sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x0040c490 lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x0040c494 move a1, zero | a1 = 0;
0x0040c498 addiu a2, zero, 0x40 | a2 = 0x40;
0x0040c49c lw t8, -0x7d04(gp) | t8 = sym.imp.memset;
0x0040c4a0 move t9, t8 | t9 = t8;
0x0040c4a4 jalr t9 | t9 ();
0x0040c4a8 nop |
0x0040c4ac lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c4b0 addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x0040c4b4 addiu t8, t8, 0x12 | t8 += 0x12;
0x0040c4b8 sw t8, 0x40(fp) | *(arg_40h) = t8;
0x0040c4bc lw t8, 0x40(fp) | t8 = *(arg_40h);
0x0040c4c0 lbu t8, (t8) | t8 = *(t8);
0x0040c4c4 move a2, t8 | a2 = t8;
0x0040c4c8 lw t8, 0x40(fp) | t8 = *(arg_40h);
0x0040c4cc addiu t8, t8, 1 | t8++;
0x0040c4d0 lbu t8, (t8) | t8 = *(t8);
0x0040c4d4 move a1, t8 | a1 = t8;
0x0040c4d8 lw t8, 0x40(fp) | t8 = *(arg_40h);
0x0040c4dc addiu t8, t8, 2 | t8 += 2;
0x0040c4e0 lbu t8, (t8) | t8 = *(t8);
0x0040c4e4 move a0, t8 | a0 = t8;
0x0040c4e8 lw t8, 0x40(fp) | t8 = *(arg_40h);
0x0040c4ec addiu t8, t8, 3 | t8 += 3;
0x0040c4f0 lbu t8, (t8) | t8 = *(t8);
0x0040c4f4 move v1, t8 | v1 = t8;
0x0040c4f8 lw t8, 0x40(fp) | t8 = *(arg_40h);
0x0040c4fc addiu t8, t8, 4 | t8 += 4;
0x0040c500 lbu t8, (t8) | t8 = *(t8);
0x0040c504 move v0, t8 | v0 = t8;
0x0040c508 lw t8, 0x40(fp) | t8 = *(arg_40h);
0x0040c50c addiu t8, t8, 5 | t8 += 5;
0x0040c510 lbu t8, (t8) | t8 = *(t8);
0x0040c514 sw a2, 0x10(sp) | *(var_10h) = a2;
0x0040c518 sw a1, 0x14(sp) | *(var_14h) = a1;
0x0040c51c sw a0, 0x18(sp) | *(var_18h) = a0;
0x0040c520 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x0040c524 sw v0, 0x20(sp) | *(var_20h) = v0;
0x0040c528 sw t8, 0x24(sp) | *(var_24h) = t8;
0x0040c52c lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x0040c530 addiu a1, zero, 0x40 | a1 = 0x40;
0x0040c534 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__02x_02x_02x_02x_02x_02x */
0x0040c538 addiu a2, t8, 0x6c98 | a2 = t8 + 0x6c98;
0x0040c53c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.bc329e00_1dd8_11b2_8601 */
0x0040c540 addiu a3, t8, 0x6cb4 | a3 = t8 + 0x6cb4;
0x0040c544 lw t8, -0x7c84(gp) | t8 = sym.imp.snprintf;
0x0040c548 move t9, t8 | t9 = t8;
0x0040c54c jalr t9 | t9 ();
0x0040c550 nop |
0x0040c554 lw gp, 0x28(fp) | gp = *(arg_28h);
0x0040c558 lw t8, 0x38(fp) | t8 = *(arg_38h);
| if (t8 != 0) {
0x0040c55c beqz t8, 0x40c57c |
0x0040c560 nop |
0x0040c564 lw a0, 0x38(fp) | a0 = *(arg_38h);
0x0040c568 lw t8, -0x7cec(gp) | t8 = sym.imp.close;
0x0040c56c move t9, t8 | t9 = t8;
0x0040c570 jalr t9 | t9 ();
0x0040c574 nop |
0x0040c578 lw gp, 0x28(fp) | gp = *(arg_28h);
| }
0x0040c57c lw t8, 0x34(fp) | t8 = *(arg_34h);
0x0040c580 addiu t8, t8, 0x238 | t8 += 0x238;
0x0040c584 move a0, t8 | a0 = t8;
0x0040c588 lw a1, 0x3c(fp) | a1 = *(arg_3ch);
0x0040c58c lw t8, -0x7be8(gp) | t8 = *(gp);
0x0040c590 move t9, t8 | t9 = t8;
0x0040c594 jalr t9 | t9 ();
0x0040c598 nop |
0x0040c59c lw gp, 0x28(fp) | gp = *(arg_28h);
| label_0:
0x0040c5a0 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x0040c5a4 lw v0, 0x64(fp) | v0 = *(arg_64h);
0x0040c5a8 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x0040c5ac beq v0, t8, 0x40c5c4 |
0x0040c5b0 nop |
0x0040c5b4 lw t8, -0x7cc8(gp) | t8 = sym.imp.__stack_chk_fail;
0x0040c5b8 move t9, t8 | t9 = t8;
0x0040c5bc jalr t9 | t9 ();
0x0040c5c0 nop |
| }
0x0040c5c4 move sp, fp |
0x0040c5c8 lw ra, 0x6c(sp) | ra = *(var_6ch);
0x0040c5cc lw fp, 0x68(sp) | fp = *(var_68h);
0x0040c5d0 addiu sp, sp, 0x70 |
0x0040c5d4 jr ra | return v0;
0x0040c5d8 nop |
| }
[*] Function strcpy used 2 times discovery
