[*] Binary protection state of tz_dst
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function printf tear down of tz_dst
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/tz_dst @ 0x4017d4 */
| #include <stdint.h>
|
; (fcn) sym.getYear__ () | void getYear_ () {
| /* getYear() */
0x004017d4 lui gp, 2 |
0x004017d8 addiu gp, gp, 0x384c |
0x004017dc addu gp, gp, t9 | gp += t9;
0x004017e0 addiu sp, sp, -0x1060 |
0x004017e4 sw ra, 0x105c(sp) | *(var_105ch) = ra;
0x004017e8 sw fp, 0x1058(sp) | *(var_1058h) = fp;
0x004017ec sw s0, 0x1054(sp) | *(var_1054h) = s0;
0x004017f0 move fp, sp | fp = sp;
0x004017f4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x004017f8 lw t8, -0x7ec0(gp) | t8 = *((gp - 8112));
0x004017fc lw t8, (t8) | t8 = *(t8);
0x00401800 sw t8, 0x104c(fp) | *(arg_104ch) = t8;
0x00401804 sw zero, 0x30(fp) | *(arg_30h) = 0;
0x00401808 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x0040180c move a0, t8 | a0 = t8;
0x00401810 lw t8, -0x7f54(gp) | t8 = *(gp);
0x00401814 move t9, t8 | t9 = t8;
0x00401818 jalr t9 | t9 ();
0x0040181c nop |
0x00401820 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401824 addiu v0, fp, 0x1c | v0 = fp + 0x1c;
0x00401828 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x0040182c move a0, v0 | a0 = v0;
0x00401830 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* section..rodata */
0x00401834 addiu a1, v0, -0x6d90 | a1 = v0 + -0x6d90;
0x00401838 move a2, t8 | a2 = t8;
0x0040183c lw t8, -0x7f18(gp) | t8 = *(gp);
0x00401840 move t9, t8 | t9 = t8;
0x00401844 jalr t9 | t9 ();
0x00401848 nop |
0x0040184c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401850 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401854 move a0, t8 | a0 = t8;
0x00401858 lw t8, -0x7f38(gp) | t8 = *(gp);
0x0040185c move t9, t8 | t9 = t8;
0x00401860 jalr t9 | t9 ();
0x00401864 nop |
0x00401868 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040186c addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00401870 move a0, t8 | a0 = t8;
0x00401874 lw t8, -0x7fd8(gp) | t8 = *(gp);
0x00401878 move t9, t8 | t9 = t8;
0x0040187c jalr t9 | t9 ();
0x00401880 nop |
0x00401884 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401888 addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x0040188c move a0, t8 | a0 = t8;
0x00401890 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* esilref: 'TMP' */
0x00401894 addiu a1, t8, -0x6d8c | a1 = t8 + -0x6d8c;
0x00401898 move a2, zero | a2 = 0;
0x0040189c lw t8, -0x7f44(gp) | t8 = *(gp);
0x004018a0 move t9, t8 | t9 = t8;
0x004018a4 jalr t9 | t9 ();
0x004018a8 nop |
0x004018ac lw gp, 0x10(fp) | gp = *(arg_10h);
0x004018b0 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x004018b4 move a0, t8 | a0 = t8;
0x004018b8 lw t8, -0x7f54(gp) | t8 = *(gp);
0x004018bc move t9, t8 | t9 = t8;
0x004018c0 jalr t9 | t9 ();
0x004018c4 nop |
0x004018c8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004018cc addiu v0, fp, 0x20 | v0 = fp + 0x20;
0x004018d0 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x004018d4 move a0, v0 | a0 = v0;
0x004018d8 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.DataParam */
0x004018dc addiu a1, v0, -0x6d88 | a1 = v0 + -0x6d88;
0x004018e0 move a2, t8 | a2 = t8;
0x004018e4 lw t8, -0x7f18(gp) | t8 = *(gp);
0x004018e8 move t9, t8 | t9 = t8;
0x004018ec jalr t9 | t9 ();
0x004018f0 nop |
0x004018f4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004018f8 addiu v1, fp, 0x24 | v1 = fp + 0x24;
0x004018fc addiu v0, fp, 0x34 | v0 = fp + 0x34;
0x00401900 addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00401904 move a0, v1 | a0 = v1;
0x00401908 move a1, v0 | a1 = v0;
0x0040190c move a2, t8 | a2 = t8;
0x00401910 lw t8, -0x7f14(gp) | t8 = *(gp);
0x00401914 move t9, t8 | t9 = t8;
0x00401918 jalr t9 | t9 ();
0x0040191c nop |
0x00401920 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401924 addiu v0, fp, 0x1c | v0 = fp + 0x1c;
0x00401928 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x0040192c move a0, v0 | a0 = v0;
0x00401930 move a1, t8 | a1 = t8;
0x00401934 lw t8, -0x7f5c(gp) | t8 = *(gp);
0x00401938 move t9, t8 | t9 = t8;
0x0040193c jalr t9 | t9 ();
0x00401940 nop |
0x00401944 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401948 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x0040194c move a0, t8 | a0 = t8;
0x00401950 lw t8, -0x7ef4(gp) | t8 = *((gp - 8125));
0x00401954 move t9, t8 | t9 = t8;
0x00401958 jalr t9 | t9 ();
0x0040195c nop |
0x00401960 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401964 addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00401968 move a0, t8 | a0 = t8;
0x0040196c lw t8, -0x7ef4(gp) | t8 = *((gp - 8125));
0x00401970 move t9, t8 | t9 = t8;
0x00401974 jalr t9 | t9 ();
0x00401978 nop |
0x0040197c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401980 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401984 move a0, t8 | a0 = t8;
0x00401988 lw t8, -0x7f38(gp) | t8 = *(gp);
0x0040198c move t9, t8 | t9 = t8;
0x00401990 jalr t9 | t9 ();
0x00401994 nop |
0x00401998 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040199c addiu t8, fp, 0x1c | t8 = fp + 0x1c;
0x004019a0 move a0, t8 | a0 = t8;
0x004019a4 lw t8, -0x7ed4(gp) | t8 = *(gp);
0x004019a8 move t9, t8 | t9 = t8;
0x004019ac jalr t9 | t9 ();
0x004019b0 nop |
0x004019b4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004019b8 move t8, v0 | t8 = v0;
0x004019bc lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.strSize:_d_n */
0x004019c0 addiu a0, v0, -0x6d7c | a0 = v0 + -0x6d7c;
0x004019c4 move a1, t8 | a1 = t8;
0x004019c8 lw t8, -0x7f58(gp) | t8 = sym.imp.printf
0x004019cc move t9, t8 | t9 = t8;
0x004019d0 jalr t9 | t9 ();
0x004019d4 nop |
0x004019d8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004019dc addiu v0, fp, 0x28 | v0 = fp + 0x28;
0x004019e0 addiu t8, fp, 0x1c | t8 = fp + 0x1c;
0x004019e4 move a0, v0 | a0 = v0;
0x004019e8 move a1, t8 | a1 = t8;
0x004019ec addiu a2, zero, 8 | a2 = 8;
0x004019f0 addiu a3, zero, 4 | a3 = 4;
0x004019f4 lw t8, -0x7f28(gp) | t8 = *(gp);
0x004019f8 move t9, t8 | t9 = t8;
0x004019fc jalr t9 | t9 ();
0x00401a00 nop |
0x00401a04 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401a08 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00401a0c move a0, t8 | a0 = t8;
0x00401a10 lw t8, -0x7ec8(gp) | t8 = *(gp);
0x00401a14 move t9, t8 | t9 = t8;
0x00401a18 jalr t9 | t9 ();
0x00401a1c nop |
0x00401a20 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401a24 move t8, v0 | t8 = v0;
0x00401a28 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.str:_s_n */
0x00401a2c addiu a0, v0, -0x6d70 | a0 = v0 + -0x6d70;
0x00401a30 move a1, t8 | a1 = t8;
0x00401a34 lw t8, -0x7f58(gp) | t8 = sym.imp.printf
0x00401a38 move t9, t8 | t9 = t8;
0x00401a3c jalr t9 | t9 ();
0x00401a40 nop |
0x00401a44 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401a48 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00401a4c move a0, t8 | a0 = t8;
0x00401a50 lw t8, -0x7ef4(gp) | t8 = *((gp - 8125));
0x00401a54 move t9, t8 | t9 = t8;
0x00401a58 jalr t9 | t9 ();
0x00401a5c nop |
0x00401a60 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401a64 addiu t8, fp, 0x1c | t8 = fp + 0x1c;
0x00401a68 move a0, t8 | a0 = t8;
0x00401a6c lw t8, -0x7ed4(gp) | t8 = *(gp);
0x00401a70 move t9, t8 | t9 = t8;
0x00401a74 jalr t9 | t9 ();
0x00401a78 nop |
0x00401a7c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401a80 move t8, v0 | t8 = v0;
0x00401a84 xori t8, t8, 0xf | t8 ^= 0xf;
0x00401a88 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00401a8c andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00401a90 beqz t8, 0x401abc |
0x00401a94 nop |
0x00401a98 lw t8, -0x7fd4(gp) | t8 = sym.getYearFromLocal__;
0x00401a9c move t9, t8 | t9 = t8;
0x00401aa0 jalr t9 | t9 ();
0x00401aa4 nop |
0x00401aa8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401aac move t8, v0 | t8 = v0;
0x00401ab0 sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00401ab4 b 0x401b44 | goto label_0;
0x00401ab8 nop |
| }
0x00401abc addiu v0, fp, 0x2c | v0 = fp + 0x2c;
0x00401ac0 addiu t8, fp, 0x1c | t8 = fp + 0x1c;
0x00401ac4 move a0, v0 | a0 = v0;
0x00401ac8 move a1, t8 | a1 = t8;
0x00401acc addiu a2, zero, 8 | a2 = 8;
0x00401ad0 addiu a3, zero, 4 | a3 = 4;
0x00401ad4 lw t8, -0x7f28(gp) | t8 = *(gp);
0x00401ad8 move t9, t8 | t9 = t8;
0x00401adc jalr t9 | t9 ();
0x00401ae0 nop |
0x00401ae4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401ae8 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401aec move a0, t8 | a0 = t8;
0x00401af0 lw t8, -0x7ec8(gp) | t8 = *(gp);
0x00401af4 move t9, t8 | t9 = t8;
0x00401af8 jalr t9 | t9 ();
0x00401afc nop |
0x00401b00 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401b04 move t8, v0 | t8 = v0;
0x00401b08 move a0, t8 | a0 = t8;
0x00401b0c lw t8, -0x7f50(gp) | t8 = sym.imp.atoi;
0x00401b10 move t9, t8 | t9 = t8;
0x00401b14 jalr t9 | t9 ();
0x00401b18 nop |
0x00401b1c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401b20 move t8, v0 | t8 = v0;
0x00401b24 sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00401b28 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401b2c move a0, t8 | a0 = t8;
0x00401b30 lw t8, -0x7ef4(gp) | t8 = *((gp - 8125));
0x00401b34 move t9, t8 | t9 = t8;
0x00401b38 jalr t9 | t9 ();
0x00401b3c nop |
0x00401b40 lw gp, 0x10(fp) | gp = *(arg_10h);
| label_0:
0x00401b44 addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x00401b48 move a0, t8 | a0 = t8;
0x00401b4c lw t8, -0x7f30(gp) | t8 = sym.imp.TinyDB::TinyDB__;
0x00401b50 move t9, t8 | t9 = t8;
0x00401b54 jalr t9 | t9 ();
0x00401b58 nop |
0x00401b5c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401b60 lw s0, 0x30(fp) | s0 = *(arg_30h);
0x00401b64 addiu t8, fp, 0x1c | t8 = fp + 0x1c;
0x00401b68 move a0, t8 | a0 = t8;
0x00401b6c lw t8, -0x7ef4(gp) | t8 = *((gp - 8125));
0x00401b70 move t9, t8 | t9 = t8;
0x00401b74 jalr t9 | t9 ();
0x00401b78 nop |
0x00401b7c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401b80 move t8, s0 | t8 = s0;
0x00401b84 move v0, t8 | v0 = t8;
0x00401b88 lw t8, -0x7ec0(gp) | t8 = *((gp - 8112));
0x00401b8c lw v1, 0x104c(fp) | v1 = *(arg_104ch);
0x00401b90 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00401b94 beq v1, t8, 0x401d80 |
0x00401b98 nop |
0x00401b9c b 0x401d70 | goto label_1;
0x00401ba0 nop |
| label_1:
0x00401d70 lw t8, -0x7f08(gp) | t8 = sym.imp.__stack_chk_fail;
0x00401d74 move t9, t8 | t9 = t8;
0x00401d78 jalr t9 | t9 ();
0x00401d7c nop |
| }
0x00401d80 move sp, fp |
0x00401d84 lw ra, 0x105c(sp) | ra = *(var_105ch);
0x00401d88 lw fp, 0x1058(sp) | fp = *(var_1058h);
0x00401d8c lw s0, 0x1054(sp) | s0 = *(var_1054h);
0x00401d90 addiu sp, sp, 0x1060 |
0x00401d94 jr ra | return v1;
0x00401d98 nop |
| }
[*] Function printf used 3 times tz_dst
