[*] Binary protection state of ble_hostname_util
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of ble_hostname_util
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/ble_hostname_util @ 0x400e30 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
0x00400e30 lui gp, 2 |
0x00400e34 addiu gp, gp, -0x2e10 |
0x00400e38 addu gp, gp, t9 | gp += t9;
0x00400e3c addiu sp, sp, -0x160 |
0x00400e40 sw ra, 0x15c(sp) | *(var_15ch) = ra;
0x00400e44 sw fp, 0x158(sp) | *(var_158h) = fp;
0x00400e48 sw s0, 0x154(sp) | *(var_154h) = s0;
0x00400e4c move fp, sp | fp = sp;
0x00400e50 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00400e54 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00400e58 sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00400e5c lw t8, -0x7f60(gp) | t8 = *((gp - 8152));
0x00400e60 lw t8, (t8) | t8 = *(t8);
0x00400e64 sw t8, 0x14c(fp) | *(arg_14ch) = t8;
0x00400e68 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00400e6c move a0, t8 | a0 = t8;
0x00400e70 lw t8, -0x7f88(gp) | t8 = *(gp);
0x00400e74 move t9, t8 | t9 = t8;
0x00400e78 jalr t9 | t9 ();
0x00400e7c nop |
0x00400e80 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00400e84 addiu v0, fp, 0xcc | v0 = fp + 0xcc;
0x00400e88 addiu t8, zero, 0x80 | t8 = 0x80;
0x00400e8c move a0, v0 | a0 = v0;
0x00400e90 move a1, zero | a1 = 0;
0x00400e94 move a2, t8 | a2 = t8;
0x00400e98 lw t8, -0x7f98(gp) | t8 = sym.imp.memset;
0x00400e9c move t9, t8 | t9 = t8;
0x00400ea0 jalr t9 | t9 ();
0x00400ea4 nop |
0x00400ea8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00400eac sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x00400eb0 sw zero, 0x30(fp) | *(arg_30h) = 0;
0x00400eb4 sw zero, 0x34(fp) | *(arg_34h) = 0;
0x00400eb8 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00400ebc slti t8, t8, 2 | t8 = (t8 < 2) ? 1 : 0;
| if (t8 != 0) {
0x00400ec0 beqz t8, 0x400ed4 |
0x00400ec4 nop |
0x00400ec8 addiu s0, zero, -1 | s0 = -1;
0x00400ecc b 0x401184 | goto label_0;
0x00400ed0 nop |
| }
0x00400ed4 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00400ed8 addiu t8, t8, 4 | t8 += 4;
0x00400edc lw t8, (t8) | t8 = *(t8);
0x00400ee0 move a0, t8 | a0 = t8;
0x00400ee4 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* section..rodata */
0x00400ee8 addiu a1, t8, 0x5150 | a1 = t8 + 0x5150;
0x00400eec lw t8, -0x7fa4(gp) | t8 = sym.imp.strcmp;
0x00400ef0 move t9, t8 | t9 = t8;
0x00400ef4 jalr t9 | t9 ();
0x00400ef8 nop |
0x00400efc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00400f00 move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00400f04 bnez t8, 0x400f1c |
0x00400f08 nop |
0x00400f0c addiu t8, zero, 1 | t8 = 1;
0x00400f10 sw t8, 0x34(fp) | *(arg_34h) = t8;
0x00400f14 b 0x400f88 | goto label_1;
0x00400f18 nop |
| }
0x00400f1c lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00400f20 addiu t8, t8, 4 | t8 += 4;
0x00400f24 lw t8, (t8) | t8 = *(t8);
0x00400f28 move a0, t8 | a0 = t8;
0x00400f2c lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* esilref: 'set' */
0x00400f30 addiu a1, t8, 0x5154 | a1 = t8 + 0x5154;
0x00400f34 lw t8, -0x7fa4(gp) | t8 = sym.imp.strcmp;
0x00400f38 move t9, t8 | t9 = t8;
0x00400f3c jalr t9 | t9 ();
0x00400f40 nop |
0x00400f44 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00400f48 move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00400f4c bnez t8, 0x400f7c |
0x00400f50 nop |
0x00400f54 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00400f58 slti t8, t8, 3 | t8 = (t8 < 3) ? 1 : 0;
| if (t8 != 0) {
0x00400f5c beqz t8, 0x400f70 |
0x00400f60 nop |
0x00400f64 addiu s0, zero, -1 | s0 = -1;
0x00400f68 b 0x401184 | goto label_0;
0x00400f6c nop |
| }
0x00400f70 sw zero, 0x34(fp) | *(arg_34h) = 0;
0x00400f74 b 0x400f88 | goto label_1;
0x00400f78 nop |
| }
0x00400f7c addiu s0, zero, -1 | s0 = -1;
0x00400f80 b 0x401184 | goto label_0;
0x00400f84 nop |
| label_1:
0x00400f88 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x00400f8c move a0, t8 | a0 = t8;
0x00400f90 lw t8, -0x7f6c(gp) | t8 = sym.imp.cam_get_host__host_setting_;
0x00400f94 move t9, t8 | t9 = t8;
0x00400f98 jalr t9 | t9 ();
0x00400f9c nop |
0x00400fa0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00400fa4 move t8, v0 | t8 = v0;
0x00400fa8 sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00400fac lw v0, 0x34(fp) | v0 = *(arg_34h);
0x00400fb0 addiu t8, zero, 1 | t8 = 1;
| if (v0 == t8) {
0x00400fb4 bne v0, t8, 0x40104c |
0x00400fb8 nop |
0x00400fbc lw t8, 0x30(fp) | t8 = *(arg_30h);
| if (t8 != 0) {
0x00400fc0 bnez t8, 0x401130 | goto label_2;
| }
0x00400fc4 nop |
0x00400fc8 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x00400fcc move a0, t8 | a0 = t8;
0x00400fd0 lw t8, -0x7f74(gp) | t8 = sym.imp.strlen;
0x00400fd4 move t9, t8 | t9 = t8;
0x00400fd8 jalr t9 | t9 ();
0x00400fdc nop |
0x00400fe0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00400fe4 move t8, v0 | t8 = v0;
0x00400fe8 move v0, t8 | v0 = t8;
0x00400fec addiu a0, fp, 0x28 | a0 = fp + 0x28;
0x00400ff0 addiu v1, fp, 0x48 | v1 = fp + 0x48;
0x00400ff4 addiu t8, fp, 0xcc | t8 = fp + 0xcc;
0x00400ff8 addiu a1, zero, 0x80 | a1 = 0x80;
0x00400ffc sw a1, 0x10(sp) | *(var_10h) = a1;
0x00401000 move a1, v1 | a1 = v1;
0x00401004 move a2, v0 | a2 = v0;
0x00401008 move a3, t8 | a3 = t8;
0x0040100c lw t8, -0x7fbc(gp) | t8 = *(gp);
0x00401010 move t9, t8 | t9 = t8;
0x00401014 jalr t9 | t9 ();
0x00401018 nop |
0x0040101c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00401020 addiu t8, fp, 0xcc | t8 = fp + 0xcc;
0x00401024 lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* esilref: '&s' */
0x00401028 addiu a0, v0, 0x5158 | a0 = v0 + 0x5158;
0x0040102c move a1, t8 | a1 = t8;
0x00401030 lw t8, -0x7fb4(gp) | t8 = sym.imp.printf
0x00401034 move t9, t8 | t9 = t8;
0x00401038 jalr t9 | t9 ();
0x0040103c nop |
0x00401040 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00401044 b 0x401130 | goto label_2;
0x00401048 nop |
| }
0x0040104c lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00401050 addiu t8, t8, 8 | t8 += 8;
0x00401054 lw t8, (t8) | t8 = *(t8);
0x00401058 move a0, t8 | a0 = t8;
0x0040105c lw t8, -0x7fb8(gp) | t8 = sym.imp.strdup;
0x00401060 move t9, t8 | t9 = t8;
0x00401064 jalr t9 | t9 ();
0x00401068 nop |
0x0040106c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00401070 move t8, v0 | t8 = v0;
0x00401074 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
0x00401078 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x0040107c move a0, t8 | a0 = t8;
0x00401080 lw a1, 0x2c(fp) | a1 = *(arg_2ch);
0x00401084 lw t8, -0x7f80(gp) | t8 = *(gp);
0x00401088 move t9, t8 | t9 = t8;
0x0040108c jalr t9 | t9 ();
0x00401090 nop |
0x00401094 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00401098 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x0040109c move a0, t8 | a0 = t8;
0x004010a0 lw a1, 0x2c(fp) | a1 = *(arg_2ch);
0x004010a4 addiu a2, zero, 0x44 | a2 = 0x44;
0x004010a8 lw t8, -0x7f94(gp) | t8 = sym.imp.strncpy;
0x004010ac move t9, t8 | t9 = t8;
0x004010b0 jalr t9 | t9 ();
0x004010b4 nop |
0x004010b8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004010bc addiu t8, fp, 0x38 | t8 = fp + 0x38;
0x004010c0 move a0, t8 | a0 = t8;
0x004010c4 lw t8, -0x7f64(gp) | t8 = sym.imp.cam_clean_actions__cam_actions_;
0x004010c8 move t9, t8 | t9 = t8;
0x004010cc jalr t9 | t9 ();
0x004010d0 nop |
0x004010d4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004010d8 addiu v0, fp, 0x48 | v0 = fp + 0x48;
0x004010dc addiu t8, fp, 0x38 | t8 = fp + 0x38;
0x004010e0 move a0, v0 | a0 = v0;
0x004010e4 move a1, t8 | a1 = t8;
0x004010e8 move a2, zero | a2 = 0;
0x004010ec lw t8, -0x7fac(gp) | t8 = sym.imp.cam_set_host__host_setting___cam_actions__unsigned_char_;
0x004010f0 move t9, t8 | t9 = t8;
0x004010f4 jalr t9 | t9 ();
0x004010f8 nop |
0x004010fc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00401100 move t8, v0 | t8 = v0;
0x00401104 sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00401108 lw t8, 0x30(fp) | t8 = *(arg_30h);
| if (t8 == 0) {
0x0040110c bnez t8, 0x401130 |
0x00401110 nop |
0x00401114 addiu t8, fp, 0x38 | t8 = fp + 0x38;
0x00401118 move a0, t8 | a0 = t8;
0x0040111c lw t8, -0x7fa0(gp) | t8 = sym.imp.cam_work_actions__cam_actions_;
0x00401120 move t9, t8 | t9 = t8;
0x00401124 jalr t9 | t9 ();
0x00401128 nop |
0x0040112c lw gp, 0x18(fp) | gp = *(arg_18h);
| }
| label_2:
0x00401130 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
| if (t8 != 0) {
0x00401134 beqz t8, 0x401158 |
0x00401138 nop |
0x0040113c lw a0, 0x2c(fp) | a0 = *(arg_2ch);
0x00401140 lw t8, -0x7fa8(gp) | t8 = sym.imp.free;
0x00401144 move t9, t8 | t9 = t8;
0x00401148 jalr t9 | t9 ();
0x0040114c nop |
0x00401150 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00401154 sw zero, 0x2c(fp) | *(arg_2ch) = 0;
| }
0x00401158 lw t8, 0x30(fp) | t8 = *(arg_30h);
| if (t8 != 0) {
0x0040115c beqz t8, 0x401180 |
0x00401160 nop |
0x00401164 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.unknown_error */
0x00401168 addiu a0, t8, 0x515c | a0 = t8 + 0x515c;
0x0040116c lw t8, -0x7fb4(gp) | t8 = sym.imp.printf
0x00401170 move t9, t8 | t9 = t8;
0x00401174 jalr t9 | t9 ();
0x00401178 nop |
0x0040117c lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x00401180 move s0, zero | s0 = 0;
| label_0:
0x00401184 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00401188 move a0, t8 | a0 = t8;
0x0040118c lw t8, -0x7f68(gp) | t8 = *(gp);
0x00401190 move t9, t8 | t9 = t8;
0x00401194 jalr t9 | t9 ();
0x00401198 nop |
0x0040119c lw gp, 0x18(fp) | gp = *(arg_18h);
0x004011a0 move t8, s0 | t8 = s0;
0x004011a4 move v0, t8 | v0 = t8;
0x004011a8 lw t8, -0x7f60(gp) | t8 = *((gp - 8152));
0x004011ac lw v1, 0x14c(fp) | v1 = *(arg_14ch);
0x004011b0 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x004011b4 beq v1, t8, 0x401210 |
0x004011b8 nop |
0x004011bc b 0x401200 | goto label_3;
0x004011c0 nop |
| label_3:
0x00401200 lw t8, -0x7f8c(gp) | t8 = sym.imp.__stack_chk_fail;
0x00401204 move t9, t8 | t9 = t8;
0x00401208 jalr t9 | t9 ();
0x0040120c nop |
| }
0x00401210 move sp, fp |
0x00401214 lw ra, 0x15c(sp) | ra = *(var_15ch);
0x00401218 lw fp, 0x158(sp) | fp = *(var_158h);
0x0040121c lw s0, 0x154(sp) | s0 = *(var_154h);
0x00401220 addiu sp, sp, 0x160 |
0x00401224 jr ra | return v1;
0x00401228 nop |
| }
[*] Function printf used 3 times ble_hostname_util
