[*] Binary protection state of onvifbox
No RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of onvifbox
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/www/onvif/onvifbox @ 0x48e570 */
| #include <stdint.h>
|
; (fcn) sym.onvifBegin_char_const_ () | void onvifBegin_char_const_ () {
| /* onvifBegin(char const*) */
0x0048e570 lui gp, 4 |
0x0048e574 addiu gp, gp, 0x70f0 |
0x0048e578 addu gp, gp, t9 | gp += t9;
0x0048e57c addiu sp, sp, -0x30 |
0x0048e580 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x0048e584 sw fp, 0x28(sp) | *(var_28h) = fp;
0x0048e588 move fp, sp | fp = sp;
0x0048e58c sw gp, 0x10(sp) | *(var_10h) = gp;
0x0048e590 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x0048e594 lw t8, -0x73e8(gp) | t8 = *((gp - 7418));
0x0048e598 lw t8, (t8) | t8 = *(t8);
0x0048e59c sw t8, 0x24(fp) | *(arg_24h) = t8;
0x0048e5a0 lw t8, -0x76e4(gp) | t8 = *((gp - 7609));
| /* aav.0x0048e398 */
0x0048e5a4 addiu t8, t8, -0x1c68 | t8 += -0x1c68;
0x0048e5a8 move t9, t8 | t9 = t8;
0x0048e5ac jalr t9 | t9 ();
0x0048e5b0 nop |
0x0048e5b4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0048e5b8 move t8, v0 | t8 = v0;
0x0048e5bc lw v0, -0x7b04(gp) | v0 = *((gp - 7873));
| /* str.Expires:_Mon__26_Jul_1997_05:00:00_GMT_r_nConnection:_close_r_nLast_Modified:__s_r_nCache_Control:_no_cache__no_store__must_revalidate_r_nPragma:_no_cache_r_nContent_Type:_application_soapxml__charset_utf_8__r_n_r_n__xml_version_1.0_____n_env:Envelope_xmlns:env_http:__www.w3.org_2003_05_soap_envelope__n___xmlns:tds_http:__www.onvif.org_ver10_device_wsdl__n___xmlns:xs_http:__www.w3.org_2000_10_XMLSchema___n__env:Body__n____s__n */
0x0048e5c0 addiu a0, v0, -0x41a8 | a0 = v0 + -0x41a8;
0x0048e5c4 move a1, t8 | a1 = t8;
0x0048e5c8 lw a2, 0x1c(fp) | a2 = *(arg_1ch);
0x0048e5cc lw t8, -0x7634(gp) | t8 = sym.imp.printf
0x0048e5d0 move t9, t8 | t9 = t8;
0x0048e5d4 jalr t9 | t9 ();
0x0048e5d8 nop |
0x0048e5dc lw gp, 0x10(fp) | gp = *(arg_10h);
0x0048e5e0 lw t8, -0x73e8(gp) | t8 = *((gp - 7418));
0x0048e5e4 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x0048e5e8 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x0048e5ec beq v0, t8, 0x48e604 |
0x0048e5f0 nop |
0x0048e5f4 lw t8, -0x7514(gp) | t8 = sym.imp.__stack_chk_fail;
0x0048e5f8 move t9, t8 | t9 = t8;
0x0048e5fc jalr t9 | t9 ();
0x0048e600 nop |
| }
0x0048e604 move sp, fp |
0x0048e608 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x0048e60c lw fp, 0x28(sp) | fp = *(var_28h);
0x0048e610 addiu sp, sp, 0x30 |
0x0048e614 jr ra | return v0;
0x0048e618 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/www/onvif/onvifbox @ 0x48e61c */
| #include <stdint.h>
|
; (fcn) sym.onvifEnd_char_const_ () | void onvifEnd_char_const_ () {
| /* onvifEnd(char const*) */
0x0048e61c lui gp, 4 |
0x0048e620 addiu gp, gp, 0x7044 |
0x0048e624 addu gp, gp, t9 | gp += t9;
0x0048e628 addiu sp, sp, -0x30 |
0x0048e62c sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x0048e630 sw fp, 0x28(sp) | *(var_28h) = fp;
0x0048e634 move fp, sp | fp = sp;
0x0048e638 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0048e63c sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x0048e640 lw t8, -0x73e8(gp) | t8 = *((gp - 7418));
0x0048e644 lw t8, (t8) | t8 = *(t8);
0x0048e648 sw t8, 0x24(fp) | *(arg_24h) = t8;
0x0048e64c lw t8, -0x7b04(gp) | t8 = *((gp - 7873));
| /* str._____s__n___env:Body__n__env:Envelope__n */
0x0048e650 addiu a0, t8, -0x4004 | a0 = t8 + -0x4004;
0x0048e654 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x0048e658 lw t8, -0x7634(gp) | t8 = sym.imp.printf
0x0048e65c move t9, t8 | t9 = t8;
0x0048e660 jalr t9 | t9 ();
0x0048e664 nop |
0x0048e668 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0048e66c lw t8, -0x73e8(gp) | t8 = *((gp - 7418));
0x0048e670 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x0048e674 lw t8, (t8) | t8 = *(t8);
| if (v0 != t8) {
0x0048e678 beq v0, t8, 0x48e690 |
0x0048e67c nop |
0x0048e680 lw t8, -0x7514(gp) | t8 = sym.imp.__stack_chk_fail;
0x0048e684 move t9, t8 | t9 = t8;
0x0048e688 jalr t9 | t9 ();
0x0048e68c nop |
| }
0x0048e690 move sp, fp |
0x0048e694 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x0048e698 lw fp, 0x28(sp) | fp = *(var_28h);
0x0048e69c addiu sp, sp, 0x30 |
0x0048e6a0 jr ra | return v0;
0x0048e6a4 nop |
| }
[*] Function printf used 3 times onvifbox
