[*] Binary protection state of console_secure
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function system tear down of console_secure
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/console_secure @ 0x401134 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
0x00401134 lui gp, 2 |
0x00401138 addiu gp, gp, -0x6114 |
0x0040113c addu gp, gp, t9 | gp += t9;
0x00401140 addiu sp, sp, -0x3e48 |
0x00401144 sw ra, 0x3e44(sp) | *(arg_3e44h) = ra;
0x00401148 sw fp, 0x3e40(sp) | *(arg_3e40h) = fp;
0x0040114c sw s0, 0x3e3c(sp) | *(arg_3e3ch) = s0;
0x00401150 move fp, sp | fp = sp;
0x00401154 sw gp, 0x30(sp) | *(arg_30h) = gp;
0x00401158 lw t8, -0x7f38(gp) | t8 = *((gp - 8142));
0x0040115c lw t8, (t8) | t8 = *(t8);
0x00401160 sw t8, 0x3e34(fp) | *(arg_3e34h) = t8;
0x00401164 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x00401168 move a0, t8 | a0 = t8;
0x0040116c lw t8, -0x7fa8(gp) | t8 = *(gp);
0x00401170 move t9, t8 | t9 = t8;
0x00401174 jalr t9 | t9 ();
0x00401178 nop |
0x0040117c lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401180 addiu v0, fp, 0x38 | v0 = fp + 0x38;
0x00401184 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x00401188 move a0, v0 | a0 = v0;
0x0040118c lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str.admin */
0x00401190 addiu a1, v0, 0x2038 | a1 = v0 + 0x2038;
0x00401194 move a2, t8 | a2 = t8;
0x00401198 lw t8, -0x7f84(gp) | t8 = *(gp);
0x0040119c move t9, t8 | t9 = t8;
0x004011a0 jalr t9 | t9 ();
0x004011a4 nop |
0x004011a8 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004011ac addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x004011b0 move a0, t8 | a0 = t8;
0x004011b4 lw t8, -0x7f90(gp) | t8 = *(gp);
0x004011b8 move t9, t8 | t9 = t8;
0x004011bc jalr t9 | t9 ();
0x004011c0 nop |
0x004011c4 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004011c8 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x004011cc move a0, t8 | a0 = t8;
0x004011d0 lw t8, -0x7f30(gp) | t8 = *(gp);
0x004011d4 move t9, t8 | t9 = t8;
0x004011d8 jalr t9 | t9 ();
0x004011dc nop |
0x004011e0 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004011e4 addiu v0, fp, 0x3634 | v0 = fp + 0x3634;
0x004011e8 addiu t8, zero, 0x400 | t8 = 0x400;
0x004011ec move a0, v0 | a0 = v0;
0x004011f0 move a1, zero | a1 = 0;
0x004011f4 move a2, t8 | a2 = t8;
0x004011f8 lw t8, -0x7f8c(gp) | t8 = sym.imp.memset;
0x004011fc move t9, t8 | t9 = t8;
0x00401200 jalr t9 | t9 ();
0x00401204 nop |
0x00401208 lw gp, 0x30(fp) | gp = *(arg_30h);
0x0040120c addiu t8, fp, 0xe8 | t8 = fp + 0xe8;
0x00401210 move a0, t8 | a0 = t8;
0x00401214 lw t8, -0x7fd8(gp) | t8 = *(gp);
0x00401218 move t9, t8 | t9 = t8;
0x0040121c jalr t9 | t9 ();
0x00401220 nop |
0x00401224 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401228 addiu t8, fp, 0xe8 | t8 = fp + 0xe8;
0x0040122c move a0, t8 | a0 = t8;
0x00401230 lw t8, -0x7fa0(gp) | t8 = *(gp);
0x00401234 move t9, t8 | t9 = t8;
0x00401238 jalr t9 | t9 ();
0x0040123c nop |
0x00401240 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401244 addiu t8, fp, 0x50 | t8 = fp + 0x50;
0x00401248 lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str._etc_passwd */
0x0040124c addiu a0, v0, 0x2040 | a0 = v0 + 0x2040;
0x00401250 move a1, t8 | a1 = t8;
0x00401254 lw t8, -0x7f5c(gp) | t8 = sym.imp.stat;
0x00401258 move t9, t8 | t9 = t8;
0x0040125c jalr t9 | t9 ();
0x00401260 nop |
0x00401264 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401268 move t8, v0 | t8 = v0;
0x0040126c sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00401270 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00401274 beqz t8, 0x4012f8 |
0x00401278 nop |
0x0040127c lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str._etc_passwd */
0x00401280 addiu a0, t8, 0x2040 | a0 = t8 + 0x2040;
0x00401284 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* esilref: 'a+' */
0x00401288 addiu a1, t8, 0x204c | a1 = t8 + 0x204c;
0x0040128c lw t8, -0x7f7c(gp) | t8 = sym.imp.fopen;
0x00401290 move t9, t8 | t9 = t8;
0x00401294 jalr t9 | t9 ();
0x00401298 nop |
0x0040129c lw gp, 0x30(fp) | gp = *(arg_30h);
0x004012a0 move t8, v0 | t8 = v0;
0x004012a4 sw t8, 0x4c(fp) | *(arg_4ch) = t8;
0x004012a8 lw t8, 0x4c(fp) | t8 = *(arg_4ch);
| if (t8 == 0) {
0x004012ac beqz t8, 0x4012f8 | goto label_0;
| }
0x004012b0 nop |
0x004012b4 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.root:x:0:0:Linux_User___:_:_bin_sh */
0x004012b8 addiu a0, t8, 0x2050 | a0 = t8 + 0x2050;
0x004012bc addiu a1, zero, 1 | a1 = 1;
0x004012c0 addiu a2, zero, 0x22 | a2 = 0x22;
0x004012c4 lw a3, 0x4c(fp) | a3 = *(arg_4ch);
0x004012c8 lw t8, -0x7f3c(gp) | t8 = sym.imp.fwrite;
0x004012cc move t9, t8 | t9 = t8;
0x004012d0 jalr t9 | t9 ();
0x004012d4 nop |
0x004012d8 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004012dc lw a0, 0x4c(fp) | a0 = *(arg_4ch);
0x004012e0 lw t8, -0x7f78(gp) | t8 = sym.imp.fclose;
0x004012e4 move t9, t8 | t9 = t8;
0x004012e8 jalr t9 | t9 ();
0x004012ec nop |
0x004012f0 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004012f4 sw zero, 0x4c(fp) | *(arg_4ch) = 0;
| }
| label_0:
0x004012f8 addiu v0, fp, 0x40 | v0 = fp + 0x40;
0x004012fc addiu t8, fp, 0xe8 | t8 = fp + 0xe8;
0x00401300 move a0, v0 | a0 = v0;
0x00401304 move a1, t8 | a1 = t8;
0x00401308 lw t8, -0x7f9c(gp) | t8 = *(gp);
0x0040130c move t9, t8 | t9 = t8;
0x00401310 jalr t9 | t9 ();
0x00401314 nop |
0x00401318 lw gp, 0x30(fp) | gp = *(arg_30h);
0x0040131c addiu t8, fp, 0x40 | t8 = fp + 0x40;
0x00401320 move a0, t8 | a0 = t8;
0x00401324 lw t8, -0x7f44(gp) | t8 = *(gp);
0x00401328 move t9, t8 | t9 = t8;
0x0040132c jalr t9 | t9 ();
0x00401330 nop |
0x00401334 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401338 move t8, v0 | t8 = v0;
0x0040133c move a0, t8 | a0 = t8;
0x00401340 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* esilref: 'mfg' */
0x00401344 addiu a1, t8, 0x2074 | a1 = t8 + 0x2074;
0x00401348 lw t8, -0x7fa4(gp) | t8 = sym.imp.strcmp;
0x0040134c move t9, t8 | t9 = t8;
0x00401350 jalr t9 | t9 ();
0x00401354 nop |
0x00401358 lw gp, 0x30(fp) | gp = *(arg_30h);
0x0040135c move t8, v0 | t8 = v0;
0x00401360 sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x00401364 andi s0, t8, 0xff | s0 = t8 & 0xff;
0x00401368 addiu t8, fp, 0x40 | t8 = fp + 0x40;
0x0040136c move a0, t8 | a0 = t8;
0x00401370 lw t8, -0x7f6c(gp) | t8 = *(gp);
0x00401374 move t9, t8 | t9 = t8;
0x00401378 jalr t9 | t9 ();
0x0040137c nop |
0x00401380 lw gp, 0x30(fp) | gp = *(arg_30h);
| if (s0 != 0) {
0x00401384 beqz s0, 0x401420 |
0x00401388 nop |
0x0040138c addiu v0, fp, 0x3c | v0 = fp + 0x3c;
0x00401390 addiu t8, fp, 0x38 | t8 = fp + 0x38;
0x00401394 move a0, v0 | a0 = v0;
0x00401398 move a1, t8 | a1 = t8;
0x0040139c lw t8, -0x7fac(gp) | t8 = *(gp);
0x004013a0 move t9, t8 | t9 = t8;
0x004013a4 jalr t9 | t9 ();
0x004013a8 nop |
0x004013ac lw gp, 0x30(fp) | gp = *(arg_30h);
0x004013b0 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x004013b4 move a0, t8 | a0 = t8;
0x004013b8 lw t8, -0x7f44(gp) | t8 = *(gp);
0x004013bc move t9, t8 | t9 = t8;
0x004013c0 jalr t9 | t9 ();
0x004013c4 nop |
0x004013c8 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004013cc move t8, v0 | t8 = v0;
0x004013d0 addiu v0, fp, 0x3634 | v0 = fp + 0x3634;
0x004013d4 move a0, v0 | a0 = v0;
0x004013d8 addiu a1, zero, 0x400 | a1 = 0x400;
0x004013dc lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str.echo__n__root:_s___cut__d____f_1___bin_busybox_chpasswd */
0x004013e0 addiu a2, v0, 0x2078 | a2 = v0 + 0x2078;
0x004013e4 move a3, t8 | a3 = t8;
0x004013e8 lw t8, -0x7f68(gp) | t8 = sym.imp.snprintf;
0x004013ec move t9, t8 | t9 = t8;
0x004013f0 jalr t9 | t9 ();
0x004013f4 nop |
0x004013f8 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004013fc addiu t8, fp, 0x3634 | t8 = fp + 0x3634;
0x00401400 move a0, t8 | a0 = t8;
0x00401404 lw t8, -0x7f40(gp) | t8 = sym.imp.system
0x00401408 move t9, t8 | t9 = t8;
0x0040140c jalr t9 | t9 ();
0x00401410 nop |
0x00401414 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401418 b 0x4015f8 | goto label_1;
0x0040141c nop |
| }
0x00401420 addiu v0, fp, 0x44 | v0 = fp + 0x44;
0x00401424 addiu t8, fp, 0xe8 | t8 = fp + 0xe8;
0x00401428 move a0, v0 | a0 = v0;
0x0040142c move a1, t8 | a1 = t8;
0x00401430 lw t8, -0x7f34(gp) | t8 = *(gp);
0x00401434 move t9, t8 | t9 = t8;
0x00401438 jalr t9 | t9 ();
0x0040143c nop |
0x00401440 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401444 addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x00401448 move a0, t8 | a0 = t8;
0x0040144c lw t8, -0x7f44(gp) | t8 = *(gp);
0x00401450 move t9, t8 | t9 = t8;
0x00401454 jalr t9 | t9 ();
0x00401458 nop |
0x0040145c lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401460 move s0, v0 | s0 = v0;
0x00401464 addiu v0, fp, 0x48 | v0 = fp + 0x48;
0x00401468 addiu t8, fp, 0xe8 | t8 = fp + 0xe8;
0x0040146c move a0, v0 | a0 = v0;
0x00401470 move a1, t8 | a1 = t8;
0x00401474 lw t8, -0x7f94(gp) | t8 = *(gp);
0x00401478 move t9, t8 | t9 = t8;
0x0040147c jalr t9 | t9 ();
0x00401480 nop |
0x00401484 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401488 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x0040148c move a0, t8 | a0 = t8;
0x00401490 lw t8, -0x7f44(gp) | t8 = *(gp);
0x00401494 move t9, t8 | t9 = t8;
0x00401498 jalr t9 | t9 ();
0x0040149c nop |
0x004014a0 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004014a4 addiu t8, fp, 0x3a34 | t8 = fp + 0x3a34;
0x004014a8 sw v0, 0x10(sp) | *(arg_10h) = v0;
0x004014ac move a0, t8 | a0 = t8;
0x004014b0 addiu a1, zero, 0x400 | a1 = 0x400;
0x004014b4 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str._s_s_n */
0x004014b8 addiu a2, t8, 0x20b4 | a2 = t8 + 0x20b4;
0x004014bc move a3, s0 | a3 = s0;
0x004014c0 lw t8, -0x7f68(gp) | t8 = sym.imp.snprintf;
0x004014c4 move t9, t8 | t9 = t8;
0x004014c8 jalr t9 | t9 ();
0x004014cc nop |
0x004014d0 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004014d4 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x004014d8 move a0, t8 | a0 = t8;
0x004014dc lw t8, -0x7f6c(gp) | t8 = *(gp);
0x004014e0 move t9, t8 | t9 = t8;
0x004014e4 jalr t9 | t9 ();
0x004014e8 nop |
0x004014ec lw gp, 0x30(fp) | gp = *(arg_30h);
0x004014f0 addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x004014f4 move a0, t8 | a0 = t8;
0x004014f8 lw t8, -0x7f6c(gp) | t8 = *(gp);
0x004014fc move t9, t8 | t9 = t8;
0x00401500 jalr t9 | t9 ();
0x00401504 nop |
0x00401508 lw gp, 0x30(fp) | gp = *(arg_30h);
0x0040150c addiu v0, fp, 0x3a34 | v0 = fp + 0x3a34;
0x00401510 addiu t8, fp, 0x3610 | t8 = fp + 0x3610;
0x00401514 move a0, v0 | a0 = v0;
0x00401518 move a1, t8 | a1 = t8;
0x0040151c addiu a2, zero, 0x21 | a2 = 0x21;
0x00401520 lw t8, -0x7fd4(gp) | t8 = sym.get_md5sum_char_const__char__int_;
0x00401524 move t9, t8 | t9 = t8;
0x00401528 jalr t9 | t9 ();
0x0040152c nop |
0x00401530 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401534 addiu v0, fp, 0x3c | v0 = fp + 0x3c;
0x00401538 addiu t8, fp, 0x3610 | t8 = fp + 0x3610;
0x0040153c move a0, v0 | a0 = v0;
0x00401540 move a1, t8 | a1 = t8;
0x00401544 lw t8, -0x7f2c(gp) | t8 = *(gp);
0x00401548 move t9, t8 | t9 = t8;
0x0040154c jalr t9 | t9 ();
0x00401550 nop |
0x00401554 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401558 lb t8, 0x3610(fp) | t8 = *(arg_3610h);
0x0040155c lb v0, 0x3611(fp) | v0 = *(arg_3611h);
0x00401560 move t1, v0 | t1 = v0;
0x00401564 lb v0, 0x3612(fp) | v0 = *(arg_3612h);
0x00401568 move t0, v0 | t0 = v0;
0x0040156c lb v0, 0x362b(fp) | v0 = *(arg_362bh);
0x00401570 move a3, v0 | a3 = v0;
0x00401574 lb v0, 0x362c(fp) | v0 = *(arg_362ch);
0x00401578 move a2, v0 | a2 = v0;
0x0040157c lb v0, 0x362d(fp) | v0 = *(arg_362dh);
0x00401580 move a1, v0 | a1 = v0;
0x00401584 lb v0, 0x362e(fp) | v0 = *(arg_362eh);
0x00401588 move a0, v0 | a0 = v0;
0x0040158c lb v0, 0x362f(fp) | v0 = *(arg_362fh);
0x00401590 move v1, v0 | v1 = v0;
0x00401594 addiu v0, fp, 0x3634 | v0 = fp + 0x3634;
0x00401598 sw t1, 0x10(sp) | *(arg_10h) = t1;
0x0040159c sw t0, 0x14(sp) | *(arg_14h) = t0;
0x004015a0 sw a3, 0x18(sp) | *(arg_18h) = a3;
0x004015a4 sw a2, 0x1c(sp) | *(arg_1ch) = a2;
0x004015a8 sw a1, 0x20(sp) | *(arg_20h) = a1;
0x004015ac sw a0, 0x24(sp) | *(arg_24h) = a0;
0x004015b0 sw v1, 0x28(sp) | *(arg_28h) = v1;
0x004015b4 move a0, v0 | a0 = v0;
0x004015b8 addiu a1, zero, 0x400 | a1 = 0x400;
0x004015bc lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str.echo__root:_c_c_c_c_c_c_c_c___cut__d____f_1___bin_busybox_chpasswd */
0x004015c0 addiu a2, v0, 0x20bc | a2 = v0 + 0x20bc;
0x004015c4 move a3, t8 | a3 = t8;
0x004015c8 lw t8, -0x7f68(gp) | t8 = sym.imp.snprintf;
0x004015cc move t9, t8 | t9 = t8;
0x004015d0 jalr t9 | t9 ();
0x004015d4 nop |
0x004015d8 lw gp, 0x30(fp) | gp = *(arg_30h);
0x004015dc addiu t8, fp, 0x3634 | t8 = fp + 0x3634;
0x004015e0 move a0, t8 | a0 = t8;
0x004015e4 lw t8, -0x7f40(gp) | t8 = sym.imp.system
0x004015e8 move t9, t8 | t9 = t8;
0x004015ec jalr t9 | t9 ();
0x004015f0 nop |
0x004015f4 lw gp, 0x30(fp) | gp = *(arg_30h);
| label_1:
0x004015f8 move s0, zero | s0 = 0;
0x004015fc addiu t8, fp, 0xe8 | t8 = fp + 0xe8;
0x00401600 move a0, t8 | a0 = t8;
0x00401604 lw t8, -0x7f28(gp) | t8 = sym.imp.PIB::PIB__;
0x00401608 move t9, t8 | t9 = t8;
0x0040160c jalr t9 | t9 ();
0x00401610 nop |
0x00401614 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401618 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x0040161c move a0, t8 | a0 = t8;
0x00401620 lw t8, -0x7f6c(gp) | t8 = *(gp);
0x00401624 move t9, t8 | t9 = t8;
0x00401628 jalr t9 | t9 ();
0x0040162c nop |
0x00401630 lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401634 addiu t8, fp, 0x38 | t8 = fp + 0x38;
0x00401638 move a0, t8 | a0 = t8;
0x0040163c lw t8, -0x7f6c(gp) | t8 = *(gp);
0x00401640 move t9, t8 | t9 = t8;
0x00401644 jalr t9 | t9 ();
0x00401648 nop |
0x0040164c lw gp, 0x30(fp) | gp = *(arg_30h);
0x00401650 move t8, s0 | t8 = s0;
0x00401654 move v0, t8 | v0 = t8;
0x00401658 lw t8, -0x7f38(gp) | t8 = *((gp - 8142));
0x0040165c lw v1, 0x3e34(fp) | v1 = *(arg_3e34h);
0x00401660 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00401664 beq v1, t8, 0x4017d8 |
0x00401668 nop |
0x0040166c b 0x4017c8 | goto label_2;
0x00401670 nop |
| label_2:
0x004017c8 lw t8, -0x7f80(gp) | t8 = sym.imp.__stack_chk_fail;
0x004017cc move t9, t8 | t9 = t8;
0x004017d0 jalr t9 | t9 ();
0x004017d4 nop |
| }
0x004017d8 move sp, fp |
0x004017dc lw ra, 0x3e44(sp) | ra = *(arg_3e44h);
0x004017e0 lw fp, 0x3e40(sp) | fp = *(arg_3e40h);
0x004017e4 lw s0, 0x3e3c(sp) | s0 = *(arg_3e3ch);
0x004017e8 addiu sp, sp, 0x3e48 |
0x004017ec jr ra | return v1;
0x004017f0 nop |
| }
[*] Function system used 3 times console_secure
