[*] Binary protection state of ipv6_get_network_id
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of ipv6_get_network_id
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/ipv6_get_network_id @ 0x400ac4 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
0x00400ac4 lui gp, 2 |
0x00400ac8 addiu gp, gp, -0x7ab4 |
0x00400acc addu gp, gp, t9 | gp += t9;
0x00400ad0 addiu sp, sp, -0x38 |
0x00400ad4 sw ra, 0x34(sp) | *(var_34h) = ra;
0x00400ad8 sw fp, 0x30(sp) | *(var_30h) = fp;
0x00400adc sw s0, 0x2c(sp) | *(var_2ch) = s0;
0x00400ae0 move fp, sp | fp = sp;
0x00400ae4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00400ae8 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00400aec sw a1, 0x18(fp) | *(envp) = a1;
0x00400af0 lw t8, -0x7fb4(gp) | t8 = *((gp - 8173));
0x00400af4 lw t8, (t8) | t8 = *(t8);
0x00400af8 sw t8, 0x24(fp) | *(arg_24h) = t8;
0x00400afc lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x00400b00 slti t8, t8, 4 | t8 = (t8 < 4) ? 1 : 0;
| if (t8 != 0) {
0x00400b04 beqz t8, 0x400b40 |
0x00400b08 nop |
0x00400b0c lw t8, 0x18(fp) | t8 = *(envp);
0x00400b10 lw t8, (t8) | t8 = *(t8);
0x00400b14 lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str.Usage:__s__ipv6_address___prefix___gateway_ */
0x00400b18 addiu a0, v0, 0xd2c | a0 = v0 + 0xd2c;
0x00400b1c move a1, t8 | a1 = t8;
0x00400b20 lw t8, -0x7fd0(gp) | t8 = sym.imp.printf
0x00400b24 move t9, t8 | t9 = t8;
0x00400b28 jalr t9 | t9 ();
0x00400b2c nop |
0x00400b30 lw gp, 0x10(fp) | gp = *(argv);
0x00400b34 move t8, zero | t8 = 0;
0x00400b38 b 0x400ba0 | goto label_0;
0x00400b3c nop |
| }
0x00400b40 lw t8, 0x18(fp) | t8 = *(envp);
0x00400b44 addiu t8, t8, 4 | t8 += 4;
0x00400b48 lw s0, (t8) | s0 = *(t8);
0x00400b4c lw t8, 0x18(fp) | t8 = *(envp);
0x00400b50 addiu t8, t8, 8 | t8 += 8;
0x00400b54 lw t8, (t8) | t8 = *(t8);
0x00400b58 move a0, t8 | a0 = t8;
0x00400b5c lw t8, -0x7fcc(gp) | t8 = sym.imp.atoi;
0x00400b60 move t9, t8 | t9 = t8;
0x00400b64 jalr t9 | t9 ();
0x00400b68 nop |
0x00400b6c lw gp, 0x10(fp) | gp = *(argv);
0x00400b70 lw t8, 0x18(fp) | t8 = *(envp);
0x00400b74 addiu t8, t8, 0xc | t8 += 0xc;
0x00400b78 lw t8, (t8) | t8 = *(t8);
0x00400b7c move a0, s0 | a0 = s0;
0x00400b80 move a1, v0 | a1 = v0;
0x00400b84 move a2, t8 | a2 = t8;
0x00400b88 lw t8, -0x7fd8(gp) | t8 = sym.check_network_id_char_const__int__char_const_;
0x00400b8c move t9, t8 | t9 = t8;
0x00400b90 jalr t9 | t9 ();
0x00400b94 nop |
0x00400b98 lw gp, 0x10(fp) | gp = *(argv);
0x00400b9c move t8, v0 | t8 = v0;
| label_0:
0x00400ba0 move v0, t8 | v0 = t8;
0x00400ba4 lw t8, -0x7fb4(gp) | t8 = *((gp - 8173));
0x00400ba8 lw v1, 0x24(fp) | v1 = *(arg_24h);
0x00400bac lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00400bb0 beq v1, t8, 0x400bc8 |
0x00400bb4 nop |
0x00400bb8 lw t8, -0x7fc0(gp) | t8 = sym.imp.__stack_chk_fail;
0x00400bbc move t9, t8 | t9 = t8;
0x00400bc0 jalr t9 | t9 ();
0x00400bc4 nop |
| }
0x00400bc8 move sp, fp |
0x00400bcc lw ra, 0x34(sp) | ra = *(var_34h);
0x00400bd0 lw fp, 0x30(sp) | fp = *(var_30h);
0x00400bd4 lw s0, 0x2c(sp) | s0 = *(var_2ch);
0x00400bd8 addiu sp, sp, 0x38 |
0x00400bdc jr ra | return v1;
0x00400be0 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/ipv6_get_network_id @ 0x400910 */
| #include <stdint.h>
|
; (fcn) sym.check_network_id_char_const__int__char_const_ () | void check_network_id_char_const_int_char_const_ () {
| /* check_network_id(char const*, int, char const*) */
0x00400910 lui gp, 2 |
0x00400914 addiu gp, gp, -0x7900 |
0x00400918 addu gp, gp, t9 | gp += t9;
0x0040091c addiu sp, sp, -0x240 |
0x00400920 sw ra, 0x23c(sp) | *(var_23ch) = ra;
0x00400924 sw fp, 0x238(sp) | *(var_238h) = fp;
0x00400928 move fp, sp | fp = sp;
0x0040092c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00400930 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00400934 sw a1, 0x20(fp) | *(arg_20h) = a1;
0x00400938 sw a2, 0x1c(fp) | *(arg_1ch) = a2;
0x0040093c lw t8, -0x7fb4(gp) | t8 = *((gp - 8173));
0x00400940 lw t8, (t8) | t8 = *(t8);
0x00400944 sw t8, 0x234(fp) | *(arg_234h) = t8;
0x00400948 addiu v0, fp, 0x34 | v0 = fp + 0x34;
0x0040094c addiu t8, zero, 0x100 | t8 = 0x100;
0x00400950 move a0, v0 | a0 = v0;
0x00400954 move a1, zero | a1 = 0;
0x00400958 move a2, t8 | a2 = t8;
0x0040095c lw t8, -0x7fc8(gp) | t8 = sym.imp.memset;
0x00400960 move t9, t8 | t9 = t8;
0x00400964 jalr t9 | t9 ();
0x00400968 nop |
0x0040096c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400970 addiu v0, fp, 0x134 | v0 = fp + 0x134;
0x00400974 addiu t8, zero, 0x100 | t8 = 0x100;
0x00400978 move a0, v0 | a0 = v0;
0x0040097c move a1, zero | a1 = 0;
0x00400980 move a2, t8 | a2 = t8;
0x00400984 lw t8, -0x7fc8(gp) | t8 = sym.imp.memset;
0x00400988 move t9, t8 | t9 = t8;
0x0040098c jalr t9 | t9 ();
0x00400990 nop |
0x00400994 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400998 sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x0040099c sw zero, 0x30(fp) | *(arg_30h) = 0;
0x004009a0 addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x004009a4 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x004009a8 lw a1, 0x20(fp) | a1 = *(arg_20h);
0x004009ac move a2, t8 | a2 = t8;
0x004009b0 addiu a3, zero, 0x100 | a3 = 0x100;
0x004009b4 lw t8, -0x7fc4(gp) | t8 = sym.imp.get_network_id_char_const__int__char__int_;
0x004009b8 move t9, t8 | t9 = t8;
0x004009bc jalr t9 | t9 ();
0x004009c0 nop |
0x004009c4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004009c8 move t8, v0 | t8 = v0;
0x004009cc sw t8, 0x2c(fp) | *(arg_2ch) = t8;
0x004009d0 addiu t8, fp, 0x134 | t8 = fp + 0x134;
0x004009d4 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x004009d8 lw a1, 0x20(fp) | a1 = *(arg_20h);
0x004009dc move a2, t8 | a2 = t8;
0x004009e0 addiu a3, zero, 0x100 | a3 = 0x100;
0x004009e4 lw t8, -0x7fc4(gp) | t8 = sym.imp.get_network_id_char_const__int__char__int_;
0x004009e8 move t9, t8 | t9 = t8;
0x004009ec jalr t9 | t9 ();
0x004009f0 nop |
0x004009f4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004009f8 move t8, v0 | t8 = v0;
0x004009fc sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00400a00 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
| if (t8 == 0) {
0x00400a04 bnez t8, 0x400a80 |
0x00400a08 nop |
0x00400a0c lw t8, 0x30(fp) | t8 = *(arg_30h);
| if (t8 != 0) {
0x00400a10 bnez t8, 0x400a80 | goto label_0;
| }
0x00400a14 nop |
0x00400a18 addiu v0, fp, 0x34 | v0 = fp + 0x34;
0x00400a1c addiu t8, fp, 0x134 | t8 = fp + 0x134;
0x00400a20 lw v1, -0x7fdc(gp) | v1 = *(gp);
| /* str.network_id_1___s__network_id_2___s_n */
0x00400a24 addiu a0, v1, 0xd00 | a0 = v1 + 0xd00;
0x00400a28 move a1, v0 | a1 = v0;
0x00400a2c move a2, t8 | a2 = t8;
0x00400a30 lw t8, -0x7fd0(gp) | t8 = sym.imp.printf
0x00400a34 move t9, t8 | t9 = t8;
0x00400a38 jalr t9 | t9 ();
0x00400a3c nop |
0x00400a40 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400a44 addiu v0, fp, 0x34 | v0 = fp + 0x34;
0x00400a48 addiu t8, fp, 0x134 | t8 = fp + 0x134;
0x00400a4c move a0, v0 | a0 = v0;
0x00400a50 move a1, t8 | a1 = t8;
0x00400a54 lw t8, -0x7fb8(gp) | t8 = sym.imp.strcasecmp;
0x00400a58 move t9, t8 | t9 = t8;
0x00400a5c jalr t9 | t9 ();
0x00400a60 nop |
0x00400a64 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400a68 move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x00400a6c bnez t8, 0x400a80 | goto label_0;
| }
0x00400a70 nop |
0x00400a74 move t8, zero | t8 = 0;
0x00400a78 b 0x400a84 | goto label_1;
0x00400a7c nop |
| }
| label_0:
0x00400a80 addiu t8, zero, 1 | t8 = 1;
| label_1:
0x00400a84 move v0, t8 | v0 = t8;
0x00400a88 lw t8, -0x7fb4(gp) | t8 = *((gp - 8173));
0x00400a8c lw v1, 0x234(fp) | v1 = *(arg_234h);
0x00400a90 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00400a94 beq v1, t8, 0x400aac |
0x00400a98 nop |
0x00400a9c lw t8, -0x7fc0(gp) | t8 = sym.imp.__stack_chk_fail;
0x00400aa0 move t9, t8 | t9 = t8;
0x00400aa4 jalr t9 | t9 ();
0x00400aa8 nop |
| }
0x00400aac move sp, fp |
0x00400ab0 lw ra, 0x23c(sp) | ra = *(var_23ch);
0x00400ab4 lw fp, 0x238(sp) | fp = *(var_238h);
0x00400ab8 addiu sp, sp, 0x240 |
0x00400abc jr ra | return v1;
0x00400ac0 nop |
| }
[*] Function printf used 3 times ipv6_get_network_id
