[*] Binary protection state of watchDog
Full RELRO | Canary found | NX disabled | No PIE | No RPATH | No RUNPATH | No Symbols
[*] Function strcpy tear down of watchDog
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/watchDog @ 0x40830c */
| #include <stdint.h>
|
; (fcn) method.CommonBehavior.init__ () | void method_CommonBehavior_init_ () {
| /* CommonBehavior::init()
|  * Initialiser for the object passed in a0 (kept in s0; presumably the C++
|  * `this` pointer -- confirm against callers).
|  * Reading aid: the assembly column is the authoritative view. r2dec prints
|  * word accesses with the byte offset divided by 4 (`sw t8, 0x10(s0)` is
|  * shown as `*((s0 + 4))`), and most indirect call targets are left
|  * unresolved as `t9 = *(gp)`.
|  * Security-relevant points visible in this function:
|  *  - one strcpy call (jalr at 0x0040836c) whose source is the string
|  *    constant str.wlan0 and whose destination is a0 = s0 + 0x5c;
|  *  - the stack canary is read through s2 at 0x00408340, saved at 0x24(sp)
|  *    and compared again at 0x00408490 before the epilogue; a mismatch
|  *    calls __stack_chk_fail;
|  *  - the code from 0x004084a0 looks like an exception landing pad rather
|  *    than a real loop: when a1 == 1 it runs __cxa_begin_catch, prints
|  *    str.hey_privacy_tinydb_error, runs __cxa_end_catch and branches back
|  *    to 0x00408420; otherwise it calls _Unwind_Resume. The `do { } while (1)`
|  *    shape is how r2dec renders that back edge -- TODO confirm against the
|  *    exception tables.
|  */
0x0040830c lui gp, 2 |
0x00408310 addiu gp, gp, 0x1f04 |
0x00408314 addu gp, gp, t9 | gp += t9;
0x00408318 addiu sp, sp, -0x38 |
0x0040831c sw ra, 0x34(sp) | *(var_34h) = ra;
0x00408320 sw s2, 0x30(sp) | *(var_30h) = s2;
0x00408324 sw s1, 0x2c(sp) | *(var_2ch) = s1;
0x00408328 sw s0, 0x28(sp) | *(var_28h) = s0;
0x0040832c move s0, a0 | s0 = a0;
0x00408330 lw s2, -0x7d2c(gp) | s2 = *((gp - 8011));
0x00408334 addiu a0, a0, 0x5c | a0 += 0x5c;
0x00408338 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x0040833c addiu s1, s0, 0x6b40 | s1 = s0 + 0x6b40;
0x00408340 lw t8, (s2) | t8 = *(s2);
0x00408344 sw gp, 0x10(sp) | *(var_10h) = gp;
| /* str.wlan0 -- source operand (a1) of the strcpy call at 0x0040836c.
|  * As annotated by radare2 the source is a fixed string constant, not
|  * caller-supplied data, so the number of bytes copied is fixed in the
|  * binary. The destination is a0 = s0 + 0x5c (set at 0x00408334); its
|  * capacity is not visible in this listing -- TODO confirm the field can
|  * hold the string plus its NUL terminator before closing this finding. */
0x00408348 addiu a1, a1, -0x1818 | a1 += -0x1818;
0x0040834c lw t9, -0x7ed4(gp) | t9 = sym.imp.strcpy
0x00408350 sw t8, 0x24(sp) | *(var_24h) = t8;
0x00408354 addiu t8, zero, 1 | t8 = 1;
0x00408358 sb t8, 0x6adc(a0) | *((a0 + 27356)) = t8;
0x0040835c sb t8, 0x6add(a0) | *((a0 + 27357)) = t8;
0x00408360 sb t8, 0x6adf(a0) | *((a0 + 27359)) = t8;
0x00408364 sb t8, 0x6ade(a0) | *((a0 + 27358)) = t8;
0x00408368 sb zero, 0x6ae0(a0) | *((a0 + 27360)) = 0;
0x0040836c jalr t9 | t9 ();
0x00408370 addiu t8, zero, -1 | t8 = -1;
0x00408374 lw gp, 0x10(sp) | gp = *(var_10h);
0x00408378 move a0, s1 | a0 = s1;
0x0040837c sw t8, 0x10(s0) | *((s0 + 4)) = t8;
0x00408380 addiu t8, zero, 1 | t8 = 1;
0x00408384 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x00408388 move a2, zero | a2 = 0;
0x0040838c sw t8, 0x6b34(s0) | *((s0 + 6861)) = t8;
0x00408390 sw t8, 4(s0) | *((s0 + 1)) = t8;
0x00408394 addiu t8, zero, 0x3e8 | t8 = 0x3e8;
0x00408398 lw t9, -0x7e80(gp) | t9 = *(gp);
| /* esilref: 'Ble' -- second argument (a1) of the unresolved call at
|  * 0x004083e8 (target loaded from -0x7e80(gp)); a0 = s1 = s0 + 0x6b40 and
|  * a2 = 0. The stores below only zero or preset fields of the object. */
0x0040839c addiu a1, a1, -0x1aec | a1 += -0x1aec;
0x004083a0 sw zero, 0x14(s0) | *((s0 + 5)) = 0;
0x004083a4 sw zero, 0x28(s0) | *((s0 + 10)) = 0;
0x004083a8 sw zero, 0x24(s0) | *((s0 + 9)) = 0;
0x004083ac sw zero, 0x1c(s0) | *((s0 + 7)) = 0;
0x004083b0 sw zero, 0x2c(s0) | *((s0 + 11)) = 0;
0x004083b4 sw zero, 0x30(s0) | *((s0 + 12)) = 0;
0x004083b8 sw zero, 0x40(s0) | *((s0 + 16)) = 0;
0x004083bc sw zero, 0x44(s0) | *((s0 + 17)) = 0;
0x004083c0 sw zero, 0x48(s0) | *((s0 + 18)) = 0;
0x004083c4 sw zero, 0x4c(s0) | *((s0 + 19)) = 0;
0x004083c8 sw zero, 0x18(s0) | *((s0 + 6)) = 0;
0x004083cc sb zero, 0x6b3d(s0) | *((s0 + 27453)) = 0;
0x004083d0 sw zero, 8(s0) | *((s0 + 2)) = 0;
0x004083d4 sw t8, 0xc(s0) | *((s0 + 3)) = t8;
0x004083d8 sb zero, 0x7b59(s0) | *((s0 + 31577)) = 0;
0x004083dc sw zero, 0x7b5c(s0) | *((s0 + 7895)) = 0;
0x004083e0 sb zero, 0x7b5a(s0) | *((s0 + 31578)) = 0;
0x004083e4 sw zero, 0x7b60(s0) | *((s0 + 7896)) = 0;
0x004083e8 jalr t9 | t9 ();
0x004083ec lw gp, 0x10(sp) | gp = *(var_10h);
0x004083f0 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x004083f4 move a0, s1 | a0 = s1;
0x004083f8 lw t9, -0x7de4(gp) | t9 = *(gp);
| /* str.DefaultRun -- argument a1 (with a0 = s1) of the unresolved call at
|  * 0x00408400; the result is reduced to 0/1 by the sltu and stored as a
|  * byte at 0x7b58(s0). */
0x004083fc addiu a1, a1, -0x1ae8 | a1 += -0x1ae8;
0x00408400 jalr t9 | t9 ();
0x00408404 lw gp, 0x10(sp) | gp = *(var_10h);
0x00408408 sltu v0, zero, v0 | v0 = (0 < v0) ? 1 : 0;
0x0040840c lw t9, -0x7d14(gp) | t9 = *(gp);
0x00408410 sb v0, 0x7b58(s0) | *((s0 + 31576)) = v0;
0x00408414 move a0, s1 | a0 = s1;
0x00408418 jalr t9 | t9 ();
0x0040841c lw gp, 0x10(sp) | gp = *(var_10h);
| do {
0x00408420 lw t9, -0x7e78(gp) | t9 = *(gp);
0x00408424 addiu a0, s0, 0x35f8 | a0 = s0 + 0x35f8;
0x00408428 sb zero, 0x7b5b(s0) | *((s0 + 31579)) = 0;
0x0040842c sw zero, 0x7b64(s0) | *((s0 + 7897)) = 0;
0x00408430 jalr t9 | t9 ();
0x00408434 lw gp, 0x10(sp) | gp = *(var_10h);
0x00408438 lw t9, -0x7e24(gp) | t9 = sym.imp.operator_new_unsigned_int_;
0x0040843c addiu a0, zero, 0xb8 | a0 = 0xb8;
0x00408440 jalr t9 | t9 ();
0x00408444 lw gp, 0x10(sp) | gp = *(var_10h);
0x00408448 move a0, v0 | a0 = v0;
0x0040844c lw t9, -0x7f68(gp) | t9 = *(gp);
0x00408450 move s1, v0 | s1 = v0;
0x00408454 jalr t9 | t9 ();
0x00408458 lw t8, (s1) | t8 = *(s1);
0x0040845c sw s1, 0x6b20(s0) | *((s0 + 6856)) = s1;
0x00408460 lw t9, (t8) | t9 = *(t8);
0x00408464 move a0, s1 | a0 = s1;
0x00408468 jalr t9 | t9 ();
0x0040846c move a0, s0 | a0 = s0;
0x00408470 lw gp, 0x10(sp) | gp = *(var_10h);
0x00408474 lw t9, -0x7f64(gp) | t9 = *(gp);
0x00408478 sw zero, 0x6b24(s0) | *((s0 + 6857)) = 0;
0x0040847c jalr t9 | t9 ();
0x00408480 move v0, zero | v0 = 0;
0x00408484 lw v1, 0x24(sp) | v1 = *(var_24h);
0x00408488 lw t8, (s2) | t8 = *(s2);
0x0040848c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v1 == t8) {
0x00408490 beq v1, t8, 0x408528 | goto label_0;
| }
0x00408494 lw t9, -0x7dec(gp) | t9 = sym.imp.__stack_chk_fail;
0x00408498 jalr t9 | t9 ();
0x0040849c nop |
0x004084a0 addiu t8, zero, 1 | t8 = 1;
0x004084a4 lw gp, 0x10(sp) | gp = *(var_10h);
| if (a1 != t8) {
0x004084a8 bne a1, t8, 0x40851c | goto label_1;
| }
0x004084ac lw t9, -0x7e9c(gp) | t9 = sym.imp.__cxa_begin_catch;
0x004084b0 jalr t9 | t9 ();
0x004084b4 nop |
0x004084b8 lw gp, 0x10(sp) | gp = *(var_10h);
0x004084bc lw a0, -0x7fc4(gp) | a0 = *((gp - 8177));
0x004084c0 lw t9, -0x7ec0(gp) | t9 = sym.imp.puts;
| /* str.hey_privacy_tinydb_error -- message printed with puts between
|  * __cxa_begin_catch and __cxa_end_catch; after it the code branches back
|  * to 0x00408420 instead of returning an error. */
0x004084c4 addiu a0, a0, -0x1810 | a0 += -0x1810;
0x004084c8 jalr t9 | t9 ();
0x004084cc lw gp, 0x10(sp) | gp = *(var_10h);
0x004084d0 lw t9, -0x7e88(gp) | t9 = sym.imp.__cxa_end_catch;
0x004084d4 jalr t9 | t9 ();
0x004084d8 nop |
0x004084dc lw gp, 0x10(sp) | gp = *(var_10h);
0x004084e0 b 0x408420 |
| } while (1);
| label_1:
0x0040851c lw t9, -0x7dcc(gp) | t9 = sym.imp._Unwind_Resume;
0x00408520 jalr t9 | t9 ();
0x00408524 nop |
| label_0:
0x00408528 lw ra, 0x34(sp) | ra = *(var_34h);
0x0040852c lw s2, 0x30(sp) | s2 = *(var_30h);
0x00408530 lw s1, 0x2c(sp) | s1 = *(var_2ch);
0x00408534 lw s0, 0x28(sp) | s0 = *(var_28h);
0x00408538 addiu sp, sp, 0x38 |
0x0040853c jr ra | return v1;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/watchDog @ 0x40d168 */
| #include <stdint.h>
|
; (fcn) method.ProjectBehavior.init__ () | void method_ProjectBehavior_init_ () {
| /* ProjectBehavior::init()
|  * Initialiser for the object passed in a0 (kept in s0; presumably the C++
|  * `this` pointer -- confirm against callers). The frame is 0x1050 bytes;
|  * s1 = sp + 0x1c addresses a local object that is passed as a0 to the
|  * unresolved helper calls (`t9 = *(gp)`) below.
|  * Reading aid: the assembly column is authoritative; r2dec prints word
|  * accesses with the byte offset divided by 4 (`lw t8, 4(s0)` is shown as
|  * `*((s0 + 1))`).
|  * Behaviour visible in this listing:
|  *  - sets bit 0x4 in the word at 4(s0); additionally sets bit 0x8 when the
|  *    str.PrivacyMode lookup returns 1; clears both bits (AND with -0xd)
|  *    when the str.OOBChanged lookup returns 1;
|  *  - allocates 8 bytes with operator new, stores the pointer at 0x6b24(s0)
|  *    and makes an indirect call through offset 4 of the table at *(s2),
|  *    passing the word at 0x6b20(s0) in a1; a non-zero result prints
|  *    str.Error_on_init_Light_sensor, deletes the object, zeroes
|  *    0x6b24(s0) and makes the function return -1;
|  *  - on success, one strcpy call (jalr at 0x0040d328) copies the string
|  *    constant str._var_tmp_avcd to s0 + 0x7ba0, then sym.touch_char_const_
|  *    is called on str._tmp_network_services_not_run;
|  *  - the stack canary is read at 0x0040d19c, saved at 0x1034(sp) and
|  *    compared at 0x0040d360; a mismatch calls __stack_chk_fail.
|  * The instructions from 0x0040d370 to 0x0040d3ac (operator delete on s2,
|  * a call on s1, _Unwind_Resume) look like an exception cleanup path that
|  * r2dec has folded into the canary-failure branch -- TODO confirm against
|  * the exception tables.
|  */
0x0040d168 lui gp, 2 |
0x0040d16c addiu gp, gp, -0x2f58 |
0x0040d170 addu gp, gp, t9 | gp += t9;
0x0040d174 addiu sp, sp, -0x1050 |
0x0040d178 sw ra, 0x104c(sp) | *(var_104ch) = ra;
0x0040d17c sw s3, 0x1048(sp) | *(var_1048h) = s3;
0x0040d180 sw s2, 0x1044(sp) | *(var_1044h) = s2;
0x0040d184 sw s1, 0x1040(sp) | *(var_1040h) = s1;
0x0040d188 sw s0, 0x103c(sp) | *(var_103ch) = s0;
0x0040d18c move s0, a0 | s0 = a0;
0x0040d190 lw t8, -0x7d2c(gp) | t8 = *((gp - 8011));
0x0040d194 addiu s1, sp, 0x1c | s1 = sp + 0x1c;
0x0040d198 lw t9, -0x7efc(gp) | t9 = *(gp);
0x0040d19c lw v0, (t8) | v0 = *(t8);
0x0040d1a0 move s3, t8 | s3 = t8;
0x0040d1a4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040d1a8 sw v0, 0x1034(sp) | *(var_1034h) = v0;
0x0040d1ac lw v0, -0x7dfc(gp) | v0 = *((gp - 8063));
0x0040d1b0 addiu v0, v0, 8 | v0 += 8;
0x0040d1b4 sw v0, 0x1c(sp) | *(var_1ch) = v0;
0x0040d1b8 addiu v0, zero, -1 | v0 = -1;
0x0040d1bc sw v0, 0x1030(sp) | *(var_1030h) = v0;
0x0040d1c0 jalr t9 | t9 ();
0x0040d1c4 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d1c8 lw t8, 4(s0) | t8 = *((s0 + 1));
0x0040d1cc move a0, s1 | a0 = s1;
0x0040d1d0 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x0040d1d4 move a2, zero | a2 = 0;
0x0040d1d8 ori t8, t8, 4 | t8 |= 4;
0x0040d1dc lw t9, -0x7e80(gp) | t9 = *(gp);
0x0040d1e0 sw t8, 4(s0) | *((s0 + 1)) = t8;
| /* esilref: 'PTZ' -- second argument (a1) of the unresolved call at
|  * 0x0040d1e8 (target loaded from -0x7e80(gp)); a0 = s1, a2 = 0. */
0x0040d1e4 addiu a1, a1, -0xec4 | a1 += -0xec4;
0x0040d1e8 jalr t9 | t9 ();
0x0040d1ec lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d1f0 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x0040d1f4 move a0, s1 | a0 = s1;
0x0040d1f8 lw t9, -0x7de4(gp) | t9 = *(gp);
| /* str.PrivacyMode -- argument a1 of the unresolved call at 0x0040d200;
|  * a return value of exactly 1 sets bit 0x8 in the word at 4(s0). */
0x0040d1fc addiu a1, a1, -0xec0 | a1 += -0xec0;
0x0040d200 jalr t9 | t9 ();
0x0040d204 addiu t8, zero, 1 | t8 = 1;
0x0040d208 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == t8) {
0x0040d20c bne v0, t8, 0x40d21c |
0x0040d210 lw t8, 4(s0) | t8 = *((s0 + 1));
0x0040d214 ori t8, t8, 8 | t8 |= 8;
0x0040d218 sw t8, 4(s0) | *((s0 + 1)) = t8;
| }
0x0040d21c lw t9, -0x7d14(gp) | t9 = *(gp);
0x0040d220 move a0, s1 | a0 = s1;
0x0040d224 jalr t9 | t9 ();
0x0040d228 move a0, s1 | a0 = s1;
0x0040d22c lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d230 move a2, zero | a2 = 0;
0x0040d234 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x0040d238 lw t9, -0x7e80(gp) | t9 = *(gp);
| /* str.DLink15 -- second argument (a1) of the unresolved call at
|  * 0x0040d240, the same target (-0x7e80(gp)) used with 'PTZ' above. */
0x0040d23c addiu a1, a1, -0x1ab0 | a1 += -0x1ab0;
0x0040d240 jalr t9 | t9 ();
0x0040d244 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d248 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x0040d24c move a0, s1 | a0 = s1;
0x0040d250 lw t9, -0x7de4(gp) | t9 = *(gp);
| /* str.OOBChanged -- argument a1 of the unresolved call at 0x0040d258;
|  * a return value of exactly 1 ANDs the word at 4(s0) with -0xd, which
|  * clears the 0x4 and 0x8 bits set earlier in this function. */
0x0040d254 addiu a1, a1, -0x1aa8 | a1 += -0x1aa8;
0x0040d258 jalr t9 | t9 ();
0x0040d25c addiu t8, zero, 1 | t8 = 1;
0x0040d260 lw gp, 0x10(sp) | gp = *(var_10h);
| if (v0 == t8) {
0x0040d264 bne v0, t8, 0x40d278 |
0x0040d268 lw v0, 4(s0) | v0 = *((s0 + 1));
0x0040d26c addiu t8, zero, -0xd | t8 = -0xd;
0x0040d270 and t8, v0, t8 | t8 = v0 & t8;
0x0040d274 sw t8, 4(s0) | *((s0 + 1)) = t8;
| }
0x0040d278 lw t9, -0x7d14(gp) | t9 = *(gp);
0x0040d27c move a0, s1 | a0 = s1;
0x0040d280 jalr t9 | t9 ();
0x0040d284 addiu a0, zero, 8 | a0 = 8;
0x0040d288 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d28c sw zero, 0x7b98(s0) | *((s0 + 7910)) = 0;
0x0040d290 lw t9, -0x7e24(gp) | t9 = sym.imp.operator_new_unsigned_int_;
0x0040d294 sw zero, 0x7b9c(s0) | *((s0 + 7911)) = 0;
0x0040d298 sw zero, 0x7b94(s0) | *((s0 + 7909)) = 0;
0x0040d29c sw zero, 0x7b84(s0) | *((s0 + 7905)) = 0;
0x0040d2a0 sw zero, 0x7b88(s0) | *((s0 + 7906)) = 0;
0x0040d2a4 sw zero, 0x7b8c(s0) | *((s0 + 7907)) = 0;
0x0040d2a8 sw zero, 0x7b90(s0) | *((s0 + 7908)) = 0;
0x0040d2ac jalr t9 | t9 ();
0x0040d2b0 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d2b4 lw t9, -0x7ef8(gp) | t9 = *(gp);
0x0040d2b8 move a0, v0 | a0 = v0;
0x0040d2bc move s2, v0 | s2 = v0;
0x0040d2c0 jalr t9 | t9 ();
0x0040d2c4 lw t8, (s2) | t8 = *(s2);
0x0040d2c8 move a0, s2 | a0 = s2;
0x0040d2cc sw s2, 0x6b24(s0) | *((s0 + 6857)) = s2;
0x0040d2d0 lw t9, 4(t8) | t9 = *((t8 + 1));
0x0040d2d4 lw a1, 0x6b20(s0) | a1 = *((s0 + 6856));
0x0040d2d8 jalr t9 | t9 ();
0x0040d2dc lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d2e0 move s2, v0 | s2 = v0;
| if (v0 != 0) {
0x0040d2e4 beqz v0, 0x40d318 |
0x0040d2e8 lw a0, -0x7fc4(gp) | a0 = *((gp - 8177));
0x0040d2ec lw t9, -0x7ec0(gp) | t9 = sym.imp.puts;
| /* str.Error_on_init_Light_sensor -- message printed with puts on the
|  * failure path; the object stored at 0x6b24(s0) is then deleted, the
|  * field is zeroed so no dangling pointer is left behind, and s2 = -1
|  * becomes the return value. */
0x0040d2f0 addiu a0, a0, -0xeb4 | a0 += -0xeb4;
0x0040d2f4 jalr t9 | t9 ();
0x0040d2f8 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d2fc lw a0, 0x6b24(s0) | a0 = *((s0 + 6857));
0x0040d300 lw t9, -0x7d54(gp) | t9 = sym.imp.operator_delete_void_;
0x0040d304 addiu s2, zero, -1 | s2 = -1;
0x0040d308 jalr t9 | t9 ();
0x0040d30c lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d310 sw zero, 0x6b24(s0) | *((s0 + 6857)) = 0;
0x0040d314 b 0x40d344 |
| } else {
0x0040d318 lw a1, -0x7fc4(gp) | a1 = *((gp - 8177));
0x0040d31c addiu a0, s0, 0x7ba0 | a0 = s0 + 0x7ba0;
0x0040d320 lw t9, -0x7ed4(gp) | t9 = sym.imp.strcpy
| /* str._var_tmp_avcd -- source operand (a1) of the strcpy call at
|  * 0x0040d328 (presumably the path "/var/tmp/avcd"; verify the bytes at the
|  * flag address). As annotated by radare2 the source is a fixed string
|  * constant, not caller-supplied data, so the number of bytes copied is
|  * fixed in the binary. The destination is a0 = s0 + 0x7ba0; its capacity
|  * is not visible in this listing -- TODO confirm the field can hold the
|  * string plus its NUL terminator before closing this finding. */
0x0040d324 addiu a1, a1, -0xe98 | a1 += -0xe98;
0x0040d328 jalr t9 | t9 ();
0x0040d32c lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d330 lw a0, -0x7fc4(gp) | a0 = *((gp - 8177));
0x0040d334 lw t9, -0x7ef4(gp) | t9 = sym.touch_char_const_;
| /* str._tmp_network_services_not_run -- sole argument (a0) of
|  * sym.touch_char_const_, again a string constant. What the helper does
|  * with the path is not shown here -- inspect sym.touch_char_const_ to see
|  * how the file is created. */
0x0040d338 addiu a0, a0, -0x1a0c | a0 += -0x1a0c;
0x0040d33c jalr t9 | t9 ();
0x0040d340 lw gp, 0x10(sp) | gp = *(var_10h);
| }
0x0040d344 lw t9, -0x7e4c(gp) | t9 = *(gp);
0x0040d348 move a0, s1 | a0 = s1;
0x0040d34c jalr t9 | t9 ();
0x0040d350 move v0, s2 | v0 = s2;
0x0040d354 lw v1, 0x1034(sp) | v1 = *(var_1034h);
0x0040d358 lw t8, (s3) | t8 = *(s3);
0x0040d35c lw gp, 0x10(sp) | gp = *(var_10h);
| if (v1 != t8) {
0x0040d360 beq v1, t8, 0x40d3b0 |
0x0040d364 lw t9, -0x7dec(gp) | t9 = sym.imp.__stack_chk_fail;
0x0040d368 jalr t9 | t9 ();
0x0040d36c nop |
0x0040d370 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d374 move s0, a0 | s0 = a0;
0x0040d378 lw t9, -0x7d54(gp) | t9 = sym.imp.operator_delete_void_;
0x0040d37c move a0, s2 | a0 = s2;
0x0040d380 jalr t9 | t9 ();
0x0040d384 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d388 b 0x40d394 |
0x0040d394 lw t9, -0x7e4c(gp) | t9 = *(gp);
0x0040d398 move a0, s1 | a0 = s1;
0x0040d39c jalr t9 | t9 ();
0x0040d3a0 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040d3a4 lw t9, -0x7dcc(gp) | t9 = sym.imp._Unwind_Resume;
0x0040d3a8 move a0, s0 | a0 = s0;
0x0040d3ac jalr t9 | t9 ();
| }
0x0040d3b0 lw ra, 0x104c(sp) | ra = *(var_104ch);
0x0040d3b4 lw s3, 0x1048(sp) | s3 = *(var_1048h);
0x0040d3b8 lw s2, 0x1044(sp) | s2 = *(var_1044h);
0x0040d3bc lw s1, 0x1040(sp) | s1 = *(var_1040h);
0x0040d3c0 lw s0, 0x103c(sp) | s0 = *(var_103ch);
0x0040d3c4 addiu sp, sp, 0x1050 |
0x0040d3c8 jr ra | return v1;
| }
[*] Function strcpy used 3 times watchDog