[*] Binary protection state of mfgbox
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of mfgbox
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/mfgbox @ 0x404b34 */
| #include <stdint.h>
|
; (fcn) sym.TestFlash_int_ () | void TestFlash_int_ () {
| /* TestFlash(int) */
0x00404b34 lui gp, 2 |
0x00404b38 addiu gp, gp, 0x51c |
0x00404b3c addu gp, gp, t9 | gp += t9;
0x00404b40 addiu sp, sp, -0x35f0 |
0x00404b44 sw ra, 0x35ec(sp) | *(arg_35ech) = ra;
0x00404b48 sw fp, 0x35e8(sp) | *(arg_35e8h) = fp;
0x00404b4c sw s1, 0x35e4(sp) | *(arg_35e4h) = s1;
0x00404b50 sw s0, 0x35e0(sp) | *(arg_35e0h) = s0;
0x00404b54 move fp, sp | fp = sp;
0x00404b58 sw gp, 0x10(sp) | *(arg_10h) = gp;
0x00404b5c sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00404b60 lw t8, -0x7e58(gp) | t8 = *((gp - 8086));
0x00404b64 lw t8, (t8) | t8 = *(t8);
0x00404b68 sw t8, 0x35dc(fp) | *(arg_35dch) = t8;
0x00404b6c addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00404b70 move a0, t8 | a0 = t8;
0x00404b74 lw t8, -0x7f84(gp) | t8 = *(gp);
0x00404b78 move t9, t8 | t9 = t8;
0x00404b7c jalr t9 | t9 ();
0x00404b80 nop |
0x00404b84 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404b88 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x00404b8c addiu t8, zero, 1 | t8 = 1;
| if (v0 != t8) {
0x00404b90 beq v0, t8, 0x404bbc |
0x00404b94 nop |
0x00404b98 lw t8, -0x7f8c(gp) | t8 = *(gp);
| /* aav.0x00404ab0 */
0x00404b9c addiu t8, t8, 0x4ab0 | t8 += 0x4ab0;
0x00404ba0 move t9, t8 | t9 = t8;
0x00404ba4 jalr t9 | t9 ();
0x00404ba8 nop |
0x00404bac lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404bb0 move s0, zero | s0 = 0;
0x00404bb4 b 0x404eb0 | goto label_0;
0x00404bb8 nop |
| }
0x00404bbc addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00404bc0 move a0, t8 | a0 = t8;
0x00404bc4 lw t8, -0x7f18(gp) | t8 = *(gp);
0x00404bc8 move t9, t8 | t9 = t8;
0x00404bcc jalr t9 | t9 ();
0x00404bd0 nop |
0x00404bd4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404bd8 addiu v0, fp, 0x20 | v0 = fp + 0x20;
0x00404bdc addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00404be0 move a0, v0 | a0 = v0;
0x00404be4 move a1, t8 | a1 = t8;
0x00404be8 lw t8, -0x7eec(gp) | t8 = *(gp);
0x00404bec move t9, t8 | t9 = t8;
0x00404bf0 jalr t9 | t9 ();
0x00404bf4 nop |
0x00404bf8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404bfc addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00404c00 move a0, t8 | a0 = t8;
0x00404c04 lw t8, -0x7e6c(gp) | t8 = *(gp);
0x00404c08 move t9, t8 | t9 = t8;
0x00404c0c jalr t9 | t9 ();
0x00404c10 nop |
0x00404c14 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404c18 move t8, v0 | t8 = v0;
0x00404c1c addiu v0, fp, 0x355c | v0 = fp + 0x355c;
0x00404c20 move a0, v0 | a0 = v0;
0x00404c24 move a1, t8 | a1 = t8;
0x00404c28 lw t8, -0x7f54(gp) | t8 = sym.imp.strcpy
0x00404c2c move t9, t8 | t9 = t8;
0x00404c30 jalr t9 | t9 ();
0x00404c34 nop |
0x00404c38 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404c3c addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00404c40 move a0, t8 | a0 = t8;
0x00404c44 lw t8, -0x7e9c(gp) | t8 = *(gp);
0x00404c48 move t9, t8 | t9 = t8;
0x00404c4c jalr t9 | t9 ();
0x00404c50 nop |
0x00404c54 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404c58 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404c5c move a0, t8 | a0 = t8;
0x00404c60 lw t8, -0x7f40(gp) | t8 = *(gp);
0x00404c64 move t9, t8 | t9 = t8;
0x00404c68 jalr t9 | t9 ();
0x00404c6c nop |
0x00404c70 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404c74 addiu v0, fp, 0x24 | v0 = fp + 0x24;
0x00404c78 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404c7c move a0, v0 | a0 = v0;
0x00404c80 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.1234567890123456789012345678901234567890123456789012345678909999 */
0x00404c84 addiu a1, v0, -0x569c | a1 = v0 + -0x569c;
0x00404c88 move a2, t8 | a2 = t8;
0x00404c8c lw t8, -0x7ed4(gp) | t8 = *(gp);
0x00404c90 move t9, t8 | t9 = t8;
0x00404c94 jalr t9 | t9 ();
0x00404c98 nop |
0x00404c9c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404ca0 addiu v0, fp, 0x34 | v0 = fp + 0x34;
0x00404ca4 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404ca8 move a0, v0 | a0 = v0;
0x00404cac move a1, t8 | a1 = t8;
0x00404cb0 lw t8, -0x7e60(gp) | t8 = *(gp);
0x00404cb4 move t9, t8 | t9 = t8;
0x00404cb8 jalr t9 | t9 ();
0x00404cbc nop |
0x00404cc0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404cc4 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404cc8 move a0, t8 | a0 = t8;
0x00404ccc lw t8, -0x7e9c(gp) | t8 = *(gp);
0x00404cd0 move t9, t8 | t9 = t8;
0x00404cd4 jalr t9 | t9 ();
0x00404cd8 nop |
0x00404cdc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404ce0 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404ce4 move a0, t8 | a0 = t8;
0x00404ce8 lw t8, -0x7f0c(gp) | t8 = *(gp);
0x00404cec move t9, t8 | t9 = t8;
0x00404cf0 jalr t9 | t9 ();
0x00404cf4 nop |
0x00404cf8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404cfc addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00404d00 move a0, t8 | a0 = t8;
0x00404d04 lw t8, -0x7ec4(gp) | t8 = *(gp);
0x00404d08 move t9, t8 | t9 = t8;
0x00404d0c jalr t9 | t9 ();
0x00404d10 nop |
0x00404d14 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404d18 addiu v0, fp, 0x28 | v0 = fp + 0x28;
0x00404d1c addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00404d20 move a0, v0 | a0 = v0;
0x00404d24 move a1, t8 | a1 = t8;
0x00404d28 lw t8, -0x7eec(gp) | t8 = *(gp);
0x00404d2c move t9, t8 | t9 = t8;
0x00404d30 jalr t9 | t9 ();
0x00404d34 nop |
0x00404d38 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404d3c addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00404d40 move a0, t8 | a0 = t8;
0x00404d44 lw t8, -0x7e6c(gp) | t8 = *(gp);
0x00404d48 move t9, t8 | t9 = t8;
0x00404d4c jalr t9 | t9 ();
0x00404d50 nop |
0x00404d54 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404d58 move t8, v0 | t8 = v0;
0x00404d5c move a0, t8 | a0 = t8;
0x00404d60 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.1234567890123456789012345678901234567890123456789012345678909999 */
0x00404d64 addiu a1, t8, -0x569c | a1 = t8 + -0x569c;
0x00404d68 lw t8, -0x7f2c(gp) | t8 = sym.imp.strcmp;
0x00404d6c move t9, t8 | t9 = t8;
0x00404d70 jalr t9 | t9 ();
0x00404d74 nop |
0x00404d78 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404d7c move t8, v0 | t8 = v0;
0x00404d80 sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x00404d84 andi s0, t8, 0xff | s0 = t8 & 0xff;
0x00404d88 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00404d8c move a0, t8 | a0 = t8;
0x00404d90 lw t8, -0x7e9c(gp) | t8 = *(gp);
0x00404d94 move t9, t8 | t9 = t8;
0x00404d98 jalr t9 | t9 ();
0x00404d9c nop |
0x00404da0 lw gp, 0x10(fp) | gp = *(arg_10h);
| if (s0 != 0) {
0x00404da4 beqz s0, 0x404dd0 |
0x00404da8 nop |
0x00404dac lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* esilref: 'ok' */
0x00404db0 addiu a0, t8, -0x5658 | a0 = t8 + -0x5658;
0x00404db4 lw t8, -0x7f4c(gp) | t8 = sym.imp.puts;
0x00404db8 move t9, t8 | t9 = t8;
0x00404dbc jalr t9 | t9 ();
0x00404dc0 nop |
0x00404dc4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404dc8 b 0x404dec | goto label_1;
0x00404dcc nop |
| }
0x00404dd0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* esilref: 'failed' */
0x00404dd4 addiu a0, t8, -0x5654 | a0 = t8 + -0x5654;
0x00404dd8 lw t8, -0x7f4c(gp) | t8 = sym.imp.puts;
0x00404ddc move t9, t8 | t9 = t8;
0x00404de0 jalr t9 | t9 ();
0x00404de4 nop |
0x00404de8 lw gp, 0x10(fp) | gp = *(arg_10h);
| label_1:
0x00404dec addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00404df0 move a0, t8 | a0 = t8;
0x00404df4 lw t8, -0x7f40(gp) | t8 = *(gp);
0x00404df8 move t9, t8 | t9 = t8;
0x00404dfc jalr t9 | t9 ();
0x00404e00 nop |
0x00404e04 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404e08 addiu v1, fp, 0x2c | v1 = fp + 0x2c;
0x00404e0c addiu v0, fp, 0x355c | v0 = fp + 0x355c;
0x00404e10 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00404e14 move a0, v1 | a0 = v1;
0x00404e18 move a1, v0 | a1 = v0;
0x00404e1c move a2, t8 | a2 = t8;
0x00404e20 lw t8, -0x7ed4(gp) | t8 = *(gp);
0x00404e24 move t9, t8 | t9 = t8;
0x00404e28 jalr t9 | t9 ();
0x00404e2c nop |
0x00404e30 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404e34 addiu v0, fp, 0x34 | v0 = fp + 0x34;
0x00404e38 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404e3c move a0, v0 | a0 = v0;
0x00404e40 move a1, t8 | a1 = t8;
0x00404e44 lw t8, -0x7e60(gp) | t8 = *(gp);
0x00404e48 move t9, t8 | t9 = t8;
0x00404e4c jalr t9 | t9 ();
0x00404e50 nop |
0x00404e54 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404e58 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404e5c move a0, t8 | a0 = t8;
0x00404e60 lw t8, -0x7e9c(gp) | t8 = *(gp);
0x00404e64 move t9, t8 | t9 = t8;
0x00404e68 jalr t9 | t9 ();
0x00404e6c nop |
0x00404e70 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404e74 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00404e78 move a0, t8 | a0 = t8;
0x00404e7c lw t8, -0x7f0c(gp) | t8 = *(gp);
0x00404e80 move t9, t8 | t9 = t8;
0x00404e84 jalr t9 | t9 ();
0x00404e88 nop |
0x00404e8c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404e90 addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00404e94 move a0, t8 | a0 = t8;
0x00404e98 lw t8, -0x7ec4(gp) | t8 = *(gp);
0x00404e9c move t9, t8 | t9 = t8;
0x00404ea0 jalr t9 | t9 ();
0x00404ea4 nop |
0x00404ea8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404eac addiu s0, zero, 1 | s0 = 1;
| label_0:
0x00404eb0 addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00404eb4 move a0, t8 | a0 = t8;
0x00404eb8 lw t8, -0x7e4c(gp) | t8 = sym.imp.PIB::PIB__;
0x00404ebc move t9, t8 | t9 = t8;
0x00404ec0 jalr t9 | t9 ();
0x00404ec4 nop |
0x00404ec8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404ecc addiu t8, zero, 1 | t8 = 1;
| if (s0 != t8) {
0x00404ed0 beq s0, t8, 0x404ee0 |
0x00404ed4 nop |
0x00404ed8 b 0x405138 | goto label_2;
0x00404edc nop |
| }
0x00404ee0 nop |
0x00404ee4 b 0x405138 | goto label_2;
0x00404ee8 nop |
| label_2:
0x00405138 lw t8, -0x7e58(gp) | t8 = *((gp - 8086));
0x0040513c lw v0, 0x35dc(fp) | v0 = *(arg_35dch);
0x00405140 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x00405144 beq v0, t8, 0x40515c |
0x00405148 nop |
0x0040514c lw t8, -0x7ebc(gp) | t8 = sym.imp.__stack_chk_fail;
0x00405150 move t9, t8 | t9 = t8;
0x00405154 jalr t9 | t9 ();
0x00405158 nop |
| }
0x0040515c move sp, fp |
0x00405160 lw ra, 0x35ec(sp) | ra = *(arg_35ech);
0x00405164 lw fp, 0x35e8(sp) | fp = *(arg_35e8h);
0x00405168 lw s1, 0x35e4(sp) | s1 = *(arg_35e4h);
0x0040516c lw s0, 0x35e0(sp) | s0 = *(arg_35e0h);
0x00405170 addiu sp, sp, 0x35f0 |
0x00405174 jr ra | return v0;
0x00405178 nop |
| }
[*] Function strcpy used 2 times mfgbox
