[*] Binary protection state of gpio
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of gpio
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/gpio @ 0x400990 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
| /* [11] -r-x section size 1392 named .text */
0x00400990 lui gp, 2 |
0x00400994 addiu gp, gp, -0x6980 |
0x00400998 addu gp, gp, t9 | gp += t9;
0x0040099c addiu sp, sp, -0x70 |
0x004009a0 sw ra, 0x6c(sp) | *(var_6ch) = ra;
0x004009a4 sw s7, 0x68(sp) | *(var_68h) = s7;
0x004009a8 sw s6, 0x64(sp) | *(var_64h) = s6;
0x004009ac sw s5, 0x60(sp) | *(var_60h) = s5;
0x004009b0 sw s4, 0x5c(sp) | *(var_5ch) = s4;
0x004009b4 sw s3, 0x58(sp) | *(var_58h) = s3;
0x004009b8 sw s2, 0x54(sp) | *(var_54h) = s2;
0x004009bc sw s1, 0x50(sp) | *(var_50h) = s1;
0x004009c0 sw s0, 0x4c(sp) | *(var_4ch) = s0;
0x004009c4 addiu s2, sp, 0x18 | s2 = sp + 0x18;
0x004009c8 lw s5, -0x7f90(gp) | s5 = *((gp - 8164));
0x004009cc move s1, a0 | s1 = a0;
0x004009d0 lw t9, -0x7fc8(gp) | t9 = *(gp);
0x004009d4 move a0, s2 | a0 = s2;
0x004009d8 lw t8, (s5) | t8 = *(s5);
0x004009dc move s4, a1 | s4 = a1;
0x004009e0 sw gp, 0x10(sp) | *(var_10h) = gp;
0x004009e4 sw t8, 0x44(sp) | *(var_44h) = t8;
0x004009e8 jalr t9 | t9 ();
0x004009ec nop |
0x004009f0 slti t8, s1, 3 | t8 = (s1 < 3) ? 1 : 0;
0x004009f4 lw gp, 0x10(sp) | gp = *(var_10h);
| if (t8 != 0) {
0x004009f8 beqz t8, 0x400a1c |
0x004009fc lw a0, -0x7fdc(gp) | a0 = *(gp);
0x00400a00 lw t9, -0x7fcc(gp) | t9 = sym.imp.puts;
| /* str.gpio__gpio_group___gpio_num___value__ngpio_group_:_01_ngpio_num___:_0_31_nvalue______:_01___only_when_write */
0x00400a04 addiu a0, a0, 0x1028 | a0 += 0x1028;
0x00400a08 jalr t9 | t9 ();
0x00400a0c lw gp, 0x10(sp) | gp = *(var_10h);
0x00400a10 lw t9, -0x7fb8(gp) | t9 = sym.imp.exit;
0x00400a14 move a0, zero | a0 = 0;
0x00400a18 jalr t9 | t9 ();
| }
0x00400a1c lw t9, -0x7fbc(gp) | t9 = sym.imp.atoi;
0x00400a20 lw a0, 4(s4) | a0 = *((s4 + 1));
0x00400a24 jalr t9 | t9 ();
0x00400a28 lw gp, 0x10(sp) | gp = *(var_10h);
0x00400a2c move s0, v0 | s0 = v0;
0x00400a30 lw t9, -0x7fbc(gp) | t9 = sym.imp.atoi;
0x00400a34 lw a0, 8(s4) | a0 = *((s4 + 2));
0x00400a38 jalr t9 | t9 ();
0x00400a3c addiu t8, zero, 3 | t8 = 3;
0x00400a40 lw gp, 0x10(sp) | gp = *(var_10h);
0x00400a44 move s3, v0 | s3 = v0;
| if (s1 != t8) {
0x00400a48 beq s1, t8, 0x400a68 |
0x00400a4c lw t9, -0x7fbc(gp) | t9 = sym.imp.atoi;
0x00400a50 move s6, zero | s6 = 0;
0x00400a54 lw a0, 0xc(s4) | a0 = *((s4 + 3));
0x00400a58 jalr t9 | t9 ();
0x00400a5c lw gp, 0x10(sp) | gp = *(var_10h);
0x00400a60 move s4, v0 | s4 = v0;
0x00400a64 b 0x400a70 |
| } else {
0x00400a68 addiu s6, zero, 1 | s6 = 1;
0x00400a6c move s4, zero | s4 = 0;
| }
0x00400a70 sltiu t8, s0, 3 | t8 = (s0 < 3) ? 1 : 0;
0x00400a74 sltiu t8, s3, 0x20 | t8 = (s3 < 0x20) ? 1 : 0;
| if (t8 == 0) {
0x00400a78 bnez t8, 0x400a88 |
0x00400a7c lw a0, -0x7fdc(gp) | a0 = *(gp);
| /* str.GPIO_Group_should_be_0__1_or_2 */
0x00400a80 addiu a0, a0, 0x1094 | a0 += 0x1094;
0x00400a84 b 0x400ad4 |
| } else {
0x00400a88 addiu t8, zero, 3 | t8 = 3;
| if (t8 == 0) {
0x00400a8c bnez t8, 0x400a9c |
0x00400a90 lw a0, -0x7fdc(gp) | a0 = *(gp);
| /* str.GPIO_Number_should_between_0_31 */
0x00400a94 addiu a0, a0, 0x10b4 | a0 += 0x10b4;
0x00400a98 b 0x400ad4 |
| } else {
0x00400a9c sltiu t8, s4, 2 | t8 = (s4 < 2) ? 1 : 0;
| if (s1 != t8) {
0x00400aa0 beq s1, t8, 0x400ab8 |
0x00400aa4 lw t9, -0x7fb4(gp) | t9 = *(gp);
| if (t8 == 0) {
0x00400aa8 bnez t8, 0x400abc |
0x00400aac lw a0, -0x7fdc(gp) | a0 = *(gp);
| /* str.Value_to_be_written_must_be_0_or_1 */
0x00400ab0 addiu a0, a0, 0x10d4 | a0 += 0x10d4;
0x00400ab4 b 0x400ad4 |
| } else {
0x00400ab8 lw t9, -0x7fb4(gp) | t9 = *(gp);
| }
0x00400abc move a0, s2 | a0 = s2;
0x00400ac0 jalr t9 | t9 ();
0x00400ac4 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == 0) {
0x00400ac8 beqz v0, 0x400ae8 | goto label_0;
| }
0x00400acc lw a0, -0x7fdc(gp) | a0 = *(gp);
| /* str.Error_on_init_gpiolib */
0x00400ad0 addiu a0, a0, 0x10f8 | a0 += 0x10f8;
| }
| }
| }
0x00400ad4 lw t9, -0x7fcc(gp) | t9 = sym.imp.puts;
0x00400ad8 addiu s0, zero, -1 | s0 = -1;
0x00400adc jalr t9 | t9 ();
0x00400ae0 lw gp, 0x10(sp) | gp = *(var_10h);
0x00400ae4 b 0x400bec | goto label_1;
| label_0:
0x00400ae8 lw t9, -0x7fc0(gp) | t9 = *(gp);
0x00400aec move a0, s2 | a0 = s2;
0x00400af0 move a1, s0 | a1 = s0;
0x00400af4 addiu s7, zero, 1 | s7 = 1;
0x00400af8 move a2, s3 | a2 = s3;
0x00400afc addiu s1, sp, 0x2c | s1 = sp + 0x2c;
0x00400b00 jalr t9 | t9 ();
0x00400b04 sll t8, s0, 2 | t8 = s0 << 2;
0x00400b08 lw gp, 0x10(sp) | gp = *(var_10h);
0x00400b0c addiu v0, sp, 0x48 | v0 = sp + 0x48;
0x00400b10 sllv s7, s7, s3 | s7 <<= s3;
0x00400b14 addu t8, v0, t8 | t8 = v0 + t8;
0x00400b18 sw zero, 0x2c(sp) | *(var_2ch) = 0;
0x00400b1c sw zero, 4(s1) | *((s1 + 1)) = 0;
0x00400b20 sw zero, 8(s1) | *((s1 + 2)) = 0;
0x00400b24 sw zero, 0xc(s1) | *((s1 + 3)) = 0;
0x00400b28 sw zero, 0x10(s1) | *((s1 + 4)) = 0;
0x00400b2c sw zero, 0x14(s1) | *((s1 + 5)) = 0;
0x00400b30 sw s7, -0x1c(t8) | *((t8 - 28)) = s7;
0x00400b34 lw t9, -0x7fc4(gp) | t9 = sym.imp.printf
| if (s6 != 0) {
0x00400b38 beqz s6, 0x400b98 |
0x00400b3c lw a0, -0x7fdc(gp) | a0 = *(gp);
0x00400b40 move a1, s0 | a1 = s0;
0x00400b44 move a2, s3 | a2 = s3;
0x00400b48 addiu s0, s0, 2 | s0 += 2;
| /* str.read_on_GPIO_d__d_value:__d_n */
0x00400b4c addiu a0, a0, 0x1110 | a0 += 0x1110;
0x00400b50 move a3, s4 | a3 = s4;
0x00400b54 jalr t9 | t9 ();
0x00400b58 move a0, s2 | a0 = s2;
0x00400b5c lw gp, 0x10(sp) | gp = *(var_10h);
0x00400b60 move a1, s1 | a1 = s1;
0x00400b64 lw t9, -0x7fb0(gp) | t9 = *(gp);
0x00400b68 sll s0, s0, 2 | s0 <<= 2;
0x00400b6c jalr t9 | t9 ();
0x00400b70 addiu t8, sp, 0x48 | t8 = sp + 0x48;
0x00400b74 lw gp, 0x10(sp) | gp = *(var_10h);
0x00400b78 addu s0, t8, s0 | s0 = t8 + s0;
0x00400b7c lw t8, -0x18(s0) | t8 = *((s0 - 6));
0x00400b80 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x00400b84 srav a1, t8, s3 | __asm ("srav a1, t8, s3");
0x00400b88 lw t9, -0x7fc4(gp) | t9 = sym.imp.printf
| /* str.Result_:__d_n */
0x00400b8c addiu a0, a0, 0x1130 | a0 += 0x1130;
0x00400b90 andi a1, a1, 1 | a1 &= 1;
0x00400b94 b 0x400be0 |
| } else {
0x00400b98 lw a0, -0x7fdc(gp) | a0 = *(gp);
0x00400b9c move a1, s0 | a1 = s0;
0x00400ba0 move a2, s3 | a2 = s3;
| /* str.write_on_GPIO_d__d_value:__d_n */
0x00400ba4 addiu a0, a0, 0x1140 | a0 += 0x1140;
0x00400ba8 move a3, s4 | a3 = s4;
0x00400bac jalr t9 | t9 ();
0x00400bb0 lw gp, 0x10(sp) | gp = *(var_10h);
| if (s4 != 0) {
0x00400bb4 beqz s4, 0x400bd4 |
0x00400bb8 addiu s0, s0, 2 | s0 += 2;
0x00400bbc addiu v0, sp, 0x48 | v0 = sp + 0x48;
0x00400bc0 sll s0, s0, 2 | s0 <<= 2;
0x00400bc4 addu s0, v0, s0 | s0 = v0 + s0;
0x00400bc8 lw t8, -0x18(s0) | t8 = *((s0 - 6));
0x00400bcc or s7, t8, s7 | s7 = t8 | s7;
0x00400bd0 sw s7, -0x18(s0) | *((s0 - 6)) = s7;
| }
0x00400bd4 lw t9, -0x7fa4(gp) | t9 = *(gp);
0x00400bd8 move a0, s2 | a0 = s2;
0x00400bdc move a1, s1 | a1 = s1;
| }
0x00400be0 move s0, zero | s0 = 0;
0x00400be4 jalr t9 | t9 ();
0x00400be8 lw gp, 0x10(sp) | gp = *(var_10h);
| label_1:
0x00400bec lw t9, -0x7fa8(gp) | t9 = *(gp);
0x00400bf0 move a0, s2 | a0 = s2;
0x00400bf4 jalr t9 | t9 ();
0x00400bf8 move v0, s0 | v0 = s0;
0x00400bfc lw v1, 0x44(sp) | v1 = *(var_44h);
0x00400c00 lw t8, (s5) | t8 = *(s5);
0x00400c04 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v1 != t8) {
0x00400c08 beq v1, t8, 0x400c18 |
0x00400c0c lw t9, -0x7fac(gp) | t9 = sym.imp.__stack_chk_fail;
0x00400c10 jalr t9 | t9 ();
0x00400c14 nop |
| }
0x00400c18 lw ra, 0x6c(sp) | ra = *(var_6ch);
0x00400c1c lw s7, 0x68(sp) | s7 = *(var_68h);
0x00400c20 lw s6, 0x64(sp) | s6 = *(var_64h);
0x00400c24 lw s5, 0x60(sp) | s5 = *(var_60h);
0x00400c28 lw s4, 0x5c(sp) | s4 = *(var_5ch);
0x00400c2c lw s3, 0x58(sp) | s3 = *(var_58h);
0x00400c30 lw s2, 0x54(sp) | s2 = *(var_54h);
0x00400c34 lw s1, 0x50(sp) | s1 = *(var_50h);
0x00400c38 lw s0, 0x4c(sp) | s0 = *(var_4ch);
0x00400c3c addiu sp, sp, 0x70 |
0x00400c40 jr ra | return v1;
| }
[*] Function printf used 3 times gpio
