[*] Binary protection state of start_wps
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of start_wps
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/start_wps @ 0x4027f4 */
| #include <stdint.h>
|
; (fcn) aav.0x004027f4 () | void aav_0x004027f4 () {
0x004027f4 lui gp, 2 |
0x004027f8 addiu gp, gp, 0x182c |
0x004027fc addu gp, gp, t9 | gp += t9;
0x00402800 addiu sp, sp, -0x70 |
0x00402804 sw ra, 0x6c(sp) | *(var_6ch) = ra;
0x00402808 sw fp, 0x68(sp) | *(var_68h) = fp;
0x0040280c move fp, sp | fp = sp;
0x00402810 sw gp, 0x18(sp) | *(var_18h) = gp;
0x00402814 sw a0, 0x24(fp) | *(arg_24h) = a0;
0x00402818 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x0040281c lw t8, (t8) | t8 = *(t8);
0x00402820 sw t8, 0x64(fp) | *(arg_64h) = t8;
0x00402824 addiu a0, zero, 0x400 | a0 = 0x400;
0x00402828 lw t8, -0x7e48(gp) | t8 = sym.imp.malloc;
0x0040282c move t9, t8 | t9 = t8;
0x00402830 jalr t9 | t9 ();
0x00402834 nop |
0x00402838 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040283c move t8, v0 | t8 = v0;
0x00402840 sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00402844 lw t8, 0x30(fp) | t8 = *(arg_30h);
0x00402848 sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x0040284c andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00402850 beqz t8, 0x402898 |
0x00402854 nop |
0x00402858 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x0040285c lw t8, (t8) | t8 = *(t8);
0x00402860 move a0, t8 | a0 = t8;
0x00402864 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__Out_of_memory._n */
0x00402868 addiu a1, t8, -0x6f8c | a1 = t8 + -0x6f8c;
0x0040286c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_go_read_wlan_config_by_wpa_cli */
0x00402870 addiu a2, t8, -0x5860 | a2 = t8 + -0x5860;
0x00402874 addiu a3, zero, 0xc9 | a3 = 0xc9;
0x00402878 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x0040287c move t9, t8 | t9 = t8;
0x00402880 jalr t9 | t9 ();
0x00402884 nop |
0x00402888 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040288c addiu t8, zero, -1 | t8 = -1;
0x00402890 b 0x4031d0 | goto label_0;
0x00402894 nop |
| }
0x00402898 addiu a0, zero, 0x400 | a0 = 0x400;
0x0040289c lw t8, -0x7e48(gp) | t8 = sym.imp.malloc;
0x004028a0 move t9, t8 | t9 = t8;
0x004028a4 jalr t9 | t9 ();
0x004028a8 nop |
0x004028ac lw gp, 0x18(fp) | gp = *(arg_18h);
0x004028b0 move t8, v0 | t8 = v0;
0x004028b4 sw t8, 0x34(fp) | *(arg_34h) = t8;
0x004028b8 lw t8, 0x34(fp) | t8 = *(arg_34h);
0x004028bc sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x004028c0 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x004028c4 beqz t8, 0x40290c |
0x004028c8 nop |
0x004028cc lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x004028d0 lw t8, (t8) | t8 = *(t8);
0x004028d4 move a0, t8 | a0 = t8;
0x004028d8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__Out_of_memory._n */
0x004028dc addiu a1, t8, -0x6f8c | a1 = t8 + -0x6f8c;
0x004028e0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_go_read_wlan_config_by_wpa_cli */
0x004028e4 addiu a2, t8, -0x5860 | a2 = t8 + -0x5860;
0x004028e8 addiu a3, zero, 0xcd | a3 = 0xcd;
0x004028ec lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x004028f0 move t9, t8 | t9 = t8;
0x004028f4 jalr t9 | t9 ();
0x004028f8 nop |
0x004028fc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402900 addiu t8, zero, -1 | t8 = -1;
0x00402904 b 0x4031d0 | goto label_0;
0x00402908 nop |
| }
0x0040290c lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00402910 addiu a1, zero, 0x400 | a1 = 0x400;
0x00402914 lw t8, -0x7eec(gp) | t8 = sym.imp.bzero;
0x00402918 move t9, t8 | t9 = t8;
0x0040291c jalr t9 | t9 ();
0x00402920 nop |
0x00402924 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402928 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wpa_cli__i_wlan0_status */
0x0040292c addiu a0, t8, -0x6f74 | a0 = t8 + -0x6f74;
0x00402930 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* section..rodata */
0x00402934 addiu a1, t8, -0x7130 | a1 = t8 + -0x7130;
0x00402938 lw t8, -0x7f34(gp) | t8 = sym.imp.popen;
0x0040293c move t9, t8 | t9 = t8;
0x00402940 jalr t9 | t9 ();
0x00402944 nop |
0x00402948 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040294c move t8, v0 | t8 = v0;
0x00402950 sw t8, 0x38(fp) | *(arg_38h) = t8;
0x00402954 lw t8, 0x38(fp) | t8 = *(arg_38h);
0x00402958 sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x0040295c andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00402960 beqz t8, 0x402974 |
0x00402964 nop |
0x00402968 addiu t8, zero, -1 | t8 = -1;
0x0040296c b 0x4031d0 | goto label_0;
0x00402970 nop |
| }
0x00402974 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00402978 addiu a1, zero, 1 | a1 = 1;
0x0040297c addiu a2, zero, 0x400 | a2 = 0x400;
0x00402980 lw a3, 0x38(fp) | a3 = *(arg_38h);
0x00402984 lw t8, -0x7ea4(gp) | t8 = sym.imp.fread;
0x00402988 move t9, t8 | t9 = t8;
0x0040298c jalr t9 | t9 ();
0x00402990 nop |
0x00402994 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402998 lw a0, 0x38(fp) | a0 = *(arg_38h);
0x0040299c lw t8, -0x7e9c(gp) | t8 = sym.imp.pclose;
0x004029a0 move t9, t8 | t9 = t8;
0x004029a4 jalr t9 | t9 ();
0x004029a8 nop |
0x004029ac lw gp, 0x18(fp) | gp = *(arg_18h);
0x004029b0 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x004029b4 lw t8, (t8) | t8 = *(t8);
0x004029b8 move a0, t8 | a0 = t8;
0x004029bc lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.buf:__s__n */
0x004029c0 addiu a1, t8, -0x6f5c | a1 = t8 + -0x6f5c;
0x004029c4 lw a2, 0x30(fp) | a2 = *(arg_30h);
0x004029c8 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x004029cc move t9, t8 | t9 = t8;
0x004029d0 jalr t9 | t9 ();
0x004029d4 nop |
0x004029d8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004029dc lw a0, 0x24(fp) | a0 = *(arg_24h);
0x004029e0 addiu a1, zero, 0x194 | a1 = 0x194;
0x004029e4 lw t8, -0x7eec(gp) | t8 = sym.imp.bzero;
0x004029e8 move t9, t8 | t9 = t8;
0x004029ec jalr t9 | t9 ();
0x004029f0 nop |
0x004029f4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004029f8 lw t8, 0x30(fp) | t8 = *(arg_30h);
0x004029fc sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402a00 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.bssid */
0x00402a04 addiu t8, t8, -0x6f48 | t8 += -0x6f48;
0x00402a08 sw t8, 0x10(sp) | *(var_10h) = t8;
0x00402a0c lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00402a10 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.ssid */
0x00402a14 addiu a1, t8, -0x6f50 | a1 = t8 + -0x6f50;
0x00402a18 lw a2, 0x34(fp) | a2 = *(arg_34h);
0x00402a1c addiu a3, zero, 0x400 | a3 = 0x400;
0x00402a20 lw t8, -0x7fd8(gp) | t8 = sym.wps_go_get_key_parameter_from_memory_char_const__char_const__char__int__char_const_;
0x00402a24 move t9, t8 | t9 = t8;
0x00402a28 jalr t9 | t9 ();
0x00402a2c nop |
0x00402a30 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402a34 move t8, v0 | t8 = v0;
0x00402a38 sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402a3c lw t8, 0x3c(fp) | t8 = *(arg_3ch);
0x00402a40 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00402a44 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00402a48 beqz t8, 0x402aa8 |
0x00402a4c nop |
0x00402a50 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402a54 addiu t8, t8, 8 | t8 += 8;
0x00402a58 move a0, t8 | a0 = t8;
0x00402a5c lw a1, 0x3c(fp) | a1 = *(arg_3ch);
0x00402a60 lw t8, -0x7f48(gp) | t8 = sym.imp.strcpy
0x00402a64 move t9, t8 | t9 = t8;
0x00402a68 jalr t9 | t9 ();
0x00402a6c nop |
0x00402a70 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402a74 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402a78 lw v0, (t8) | v0 = *(t8);
0x00402a7c lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402a80 addiu t8, t8, 8 | t8 += 8;
0x00402a84 move a0, v0 | a0 = v0;
0x00402a88 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.wlan_config__ESSID:__s__n */
0x00402a8c addiu a1, v0, -0x6f40 | a1 = v0 + -0x6f40;
0x00402a90 move a2, t8 | a2 = t8;
0x00402a94 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402a98 move t9, t8 | t9 = t8;
0x00402a9c jalr t9 | t9 ();
0x00402aa0 nop |
0x00402aa4 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x00402aa8 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402aac lw t8, (t8) | t8 = *(t8);
0x00402ab0 move a0, t8 | a0 = t8;
0x00402ab4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__n */
0x00402ab8 addiu a1, t8, -0x6f24 | a1 = t8 + -0x6f24;
0x00402abc lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_go_read_wlan_config_by_wpa_cli */
0x00402ac0 addiu a2, t8, -0x5860 | a2 = t8 + -0x5860;
0x00402ac4 addiu a3, zero, 0xe1 | a3 = 0xe1;
0x00402ac8 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402acc move t9, t8 | t9 = t8;
0x00402ad0 jalr t9 | t9 ();
0x00402ad4 nop |
0x00402ad8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402adc sw zero, 0x10(sp) | *(var_10h) = 0;
0x00402ae0 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00402ae4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.passphrase */
0x00402ae8 addiu a1, t8, -0x6f1c | a1 = t8 + -0x6f1c;
0x00402aec lw a2, 0x34(fp) | a2 = *(arg_34h);
0x00402af0 addiu a3, zero, 0x400 | a3 = 0x400;
0x00402af4 lw t8, -0x7fd8(gp) | t8 = sym.wps_go_get_key_parameter_from_memory_char_const__char_const__char__int__char_const_;
0x00402af8 move t9, t8 | t9 = t8;
0x00402afc jalr t9 | t9 ();
0x00402b00 nop |
0x00402b04 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402b08 move t8, v0 | t8 = v0;
0x00402b0c sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402b10 lw t8, 0x3c(fp) | t8 = *(arg_3ch);
0x00402b14 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00402b18 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00402b1c beqz t8, 0x402b84 |
0x00402b20 nop |
0x00402b24 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402b28 addiu t8, t8, 0x14c | t8 += 0x14c;
0x00402b2c move a0, t8 | a0 = t8;
0x00402b30 lw a1, 0x3c(fp) | a1 = *(arg_3ch);
0x00402b34 lw t8, -0x7f48(gp) | t8 = sym.imp.strcpy
0x00402b38 move t9, t8 | t9 = t8;
0x00402b3c jalr t9 | t9 ();
0x00402b40 nop |
0x00402b44 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402b48 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402b4c lw v0, (t8) | v0 = *(t8);
0x00402b50 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402b54 addiu t8, t8, 0x14c | t8 += 0x14c;
0x00402b58 move a0, v0 | a0 = v0;
0x00402b5c lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.wlan_config__Password:__s__n */
0x00402b60 addiu a1, v0, -0x6f10 | a1 = v0 + -0x6f10;
0x00402b64 move a2, t8 | a2 = t8;
0x00402b68 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402b6c move t9, t8 | t9 = t8;
0x00402b70 jalr t9 | t9 ();
0x00402b74 nop |
0x00402b78 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402b7c b 0x402d54 | goto label_1;
0x00402b80 nop |
| }
0x00402b84 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._tmp_wpa_supplicant.conf */
0x00402b88 addiu a0, t8, -0x6ef4 | a0 = t8 + -0x6ef4;
0x00402b8c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* section..rodata */
0x00402b90 addiu a1, t8, -0x7130 | a1 = t8 + -0x7130;
0x00402b94 lw t8, -0x7e54(gp) | t8 = sym.imp.fopen64;
0x00402b98 move t9, t8 | t9 = t8;
0x00402b9c jalr t9 | t9 ();
0x00402ba0 nop |
0x00402ba4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402ba8 move t8, v0 | t8 = v0;
0x00402bac sw t8, 0x38(fp) | *(arg_38h) = t8;
0x00402bb0 lw t8, 0x38(fp) | t8 = *(arg_38h);
0x00402bb4 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00402bb8 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 == 0) {
0x00402bbc beqz t8, 0x402d54 | goto label_1;
| }
0x00402bc0 nop |
0x00402bc4 sw zero, 0x2c(fp) | *(arg_2ch) = 0;
0x00402bc8 b 0x402d08 | goto label_2;
0x00402bcc nop |
| do {
0x00402bd0 lw a0, 0x34(fp) | a0 = *(arg_34h);
0x00402bd4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.psk */
0x00402bd8 addiu a1, t8, -0x6ed8 | a1 = t8 + -0x6ed8;
0x00402bdc lw t8, -0x7f10(gp) | t8 = sym.imp.strstr;
0x00402be0 move t9, t8 | t9 = t8;
0x00402be4 jalr t9 | t9 ();
0x00402be8 nop |
0x00402bec lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402bf0 sw v0, 0x40(fp) | *(arg_40h) = v0;
0x00402bf4 lw t8, 0x40(fp) | t8 = *(arg_40h);
| if (t8 != 0) {
0x00402bf8 beqz t8, 0x402c1c |
0x00402bfc nop |
0x00402c00 lw v0, 0x2c(fp) | v0 = *(arg_2ch);
0x00402c04 addiu t8, zero, 1 | t8 = 1;
| if (v0 != t8) {
0x00402c08 bne v0, t8, 0x402c1c | goto label_3;
| }
0x00402c0c nop |
0x00402c10 addiu t8, zero, 1 | t8 = 1;
0x00402c14 b 0x402c20 | goto label_4;
0x00402c18 nop |
| }
| label_3:
0x00402c1c move t8, zero | t8 = 0;
| if (t8 != 0) {
| label_4:
0x00402c20 beqz t8, 0x402cd4 |
0x00402c24 nop |
0x00402c28 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402c2c addiu v0, t8, 0x14c | v0 = t8 + 0x14c;
0x00402c30 lw t8, 0x40(fp) | t8 = *(arg_40h);
0x00402c34 addiu t8, t8, 5 | t8 += 5;
0x00402c38 move a0, v0 | a0 = v0;
0x00402c3c move a1, t8 | a1 = t8;
0x00402c40 lw t8, -0x7f48(gp) | t8 = sym.imp.strcpy
0x00402c44 move t9, t8 | t9 = t8;
0x00402c48 jalr t9 | t9 ();
0x00402c4c nop |
0x00402c50 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402c54 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402c58 addiu t8, t8, 0x14c | t8 += 0x14c;
0x00402c5c move a0, t8 | a0 = t8;
0x00402c60 lw t8, -0x7e5c(gp) | t8 = sym.imp.strlen;
0x00402c64 move t9, t8 | t9 = t8;
0x00402c68 jalr t9 | t9 ();
0x00402c6c nop |
0x00402c70 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402c74 move t8, v0 | t8 = v0;
0x00402c78 addiu t8, t8, -2 | t8 += -2;
0x00402c7c addiu t8, t8, 0x148 | t8 += 0x148;
0x00402c80 lw v0, 0x24(fp) | v0 = *(arg_24h);
0x00402c84 addu t8, v0, t8 | t8 = v0 + t8;
0x00402c88 addiu t8, t8, 4 | t8 += 4;
0x00402c8c sw t8, 0x40(fp) | *(arg_40h) = t8;
0x00402c90 lw t8, 0x40(fp) | t8 = *(arg_40h);
0x00402c94 sb zero, (t8) | *(t8) = 0;
0x00402c98 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402c9c lw v0, (t8) | v0 = *(t8);
0x00402ca0 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402ca4 addiu t8, t8, 0x14c | t8 += 0x14c;
0x00402ca8 move a0, v0 | a0 = v0;
0x00402cac lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.wlan_config__Password:__s__n */
0x00402cb0 addiu a1, v0, -0x6f10 | a1 = v0 + -0x6f10;
0x00402cb4 move a2, t8 | a2 = t8;
0x00402cb8 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402cbc move t9, t8 | t9 = t8;
0x00402cc0 jalr t9 | t9 ();
0x00402cc4 nop |
0x00402cc8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402ccc b 0x402d3c | goto label_5;
0x00402cd0 nop |
| }
0x00402cd4 lw a0, 0x34(fp) | a0 = *(arg_34h);
0x00402cd8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.ssid */
0x00402cdc addiu a1, t8, -0x6f50 | a1 = t8 + -0x6f50;
0x00402ce0 lw t8, -0x7f10(gp) | t8 = sym.imp.strstr;
0x00402ce4 move t9, t8 | t9 = t8;
0x00402ce8 jalr t9 | t9 ();
0x00402cec nop |
0x00402cf0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402cf4 move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x00402cf8 beqz t8, 0x402d08 |
0x00402cfc nop |
0x00402d00 addiu t8, zero, 1 | t8 = 1;
0x00402d04 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
| }
| label_2:
0x00402d08 lw a0, 0x34(fp) | a0 = *(arg_34h);
0x00402d0c addiu a1, zero, 0x400 | a1 = 0x400;
0x00402d10 lw a2, 0x38(fp) | a2 = *(arg_38h);
0x00402d14 lw t8, -0x7ed0(gp) | t8 = sym.imp.fgets;
0x00402d18 move t9, t8 | t9 = t8;
0x00402d1c jalr t9 | t9 ();
0x00402d20 nop |
0x00402d24 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402d28 move t8, v0 | t8 = v0;
0x00402d2c sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00402d30 andi t8, t8, 0xff | t8 &= 0xff;
0x00402d34 bnez t8, 0x402bd0 |
| } while (t8 != 0);
0x00402d38 nop |
| label_5:
0x00402d3c lw a0, 0x38(fp) | a0 = *(arg_38h);
0x00402d40 lw t8, -0x7ea0(gp) | t8 = sym.imp.fclose;
0x00402d44 move t9, t8 | t9 = t8;
0x00402d48 jalr t9 | t9 ();
0x00402d4c nop |
0x00402d50 lw gp, 0x18(fp) | gp = *(arg_18h);
| label_1:
0x00402d54 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402d58 lw t8, (t8) | t8 = *(t8);
0x00402d5c move a0, t8 | a0 = t8;
0x00402d60 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__n */
0x00402d64 addiu a1, t8, -0x6f24 | a1 = t8 + -0x6f24;
0x00402d68 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_go_read_wlan_config_by_wpa_cli */
0x00402d6c addiu a2, t8, -0x5860 | a2 = t8 + -0x5860;
0x00402d70 addiu a3, zero, 0xf8 | a3 = 0xf8;
0x00402d74 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402d78 move t9, t8 | t9 = t8;
0x00402d7c jalr t9 | t9 ();
0x00402d80 nop |
0x00402d84 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402d88 sw zero, 0x10(sp) | *(var_10h) = 0;
0x00402d8c lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00402d90 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.key_mgmt */
0x00402d94 addiu a1, t8, -0x6ed0 | a1 = t8 + -0x6ed0;
0x00402d98 lw a2, 0x34(fp) | a2 = *(arg_34h);
0x00402d9c addiu a3, zero, 0x400 | a3 = 0x400;
0x00402da0 lw t8, -0x7fd8(gp) | t8 = sym.wps_go_get_key_parameter_from_memory_char_const__char_const__char__int__char_const_;
0x00402da4 move t9, t8 | t9 = t8;
0x00402da8 jalr t9 | t9 ();
0x00402dac nop |
0x00402db0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402db4 move t8, v0 | t8 = v0;
0x00402db8 sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402dbc lw t8, 0x3c(fp) | t8 = *(arg_3ch);
0x00402dc0 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00402dc4 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00402dc8 beqz t8, 0x402ecc |
0x00402dcc nop |
0x00402dd0 lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x00402dd4 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.NONE */
0x00402dd8 addiu a1, t8, -0x6ec4 | a1 = t8 + -0x6ec4;
0x00402ddc lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x00402de0 move t9, t8 | t9 = t8;
0x00402de4 jalr t9 | t9 ();
0x00402de8 nop |
0x00402dec lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402df0 move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00402df4 bnez t8, 0x402e0c |
0x00402df8 nop |
0x00402dfc lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402e00 sw zero, 0x30(t8) | *((t8 + 48)) = 0;
0x00402e04 b 0x402e98 | goto label_6;
0x00402e08 nop |
| }
0x00402e0c lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x00402e10 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.WPA_PSK */
0x00402e14 addiu a1, t8, -0x6ebc | a1 = t8 + -0x6ebc;
0x00402e18 lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x00402e1c move t9, t8 | t9 = t8;
0x00402e20 jalr t9 | t9 ();
0x00402e24 nop |
0x00402e28 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402e2c move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00402e30 bnez t8, 0x402e4c |
0x00402e34 nop |
0x00402e38 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402e3c addiu v0, zero, 2 | v0 = 2;
0x00402e40 sw v0, 0x30(t8) | *((t8 + 48)) = v0;
0x00402e44 b 0x402e98 | goto label_6;
0x00402e48 nop |
| }
0x00402e4c lw a0, 0x3c(fp) | a0 = *(arg_3ch);
0x00402e50 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.WPA2_PSK */
0x00402e54 addiu a1, t8, -0x6eb4 | a1 = t8 + -0x6eb4;
0x00402e58 lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x00402e5c move t9, t8 | t9 = t8;
0x00402e60 jalr t9 | t9 ();
0x00402e64 nop |
0x00402e68 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402e6c move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00402e70 bnez t8, 0x402e8c |
0x00402e74 nop |
0x00402e78 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402e7c addiu v0, zero, 5 | v0 = 5;
0x00402e80 sw v0, 0x30(t8) | *((t8 + 48)) = v0;
0x00402e84 b 0x402e98 | goto label_6;
0x00402e88 nop |
| }
0x00402e8c lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402e90 addiu v0, zero, 1 | v0 = 1;
0x00402e94 sw v0, 0x30(t8) | *((t8 + 48)) = v0;
| label_6:
0x00402e98 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402e9c lw v0, (t8) | v0 = *(t8);
0x00402ea0 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00402ea4 lw t8, 0x30(t8) | t8 = *((t8 + 12));
0x00402ea8 move a0, v0 | a0 = v0;
0x00402eac lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.wlan_config__Authmode:__d__n */
0x00402eb0 addiu a1, v0, -0x6ea8 | a1 = v0 + -0x6ea8;
0x00402eb4 move a2, t8 | a2 = t8;
0x00402eb8 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402ebc move t9, t8 | t9 = t8;
0x00402ec0 jalr t9 | t9 ();
0x00402ec4 nop |
0x00402ec8 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x00402ecc lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402ed0 lw t8, (t8) | t8 = *(t8);
0x00402ed4 move a0, t8 | a0 = t8;
0x00402ed8 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__n */
0x00402edc addiu a1, t8, -0x6f24 | a1 = t8 + -0x6f24;
0x00402ee0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_go_read_wlan_config_by_wpa_cli */
0x00402ee4 addiu a2, t8, -0x5860 | a2 = t8 + -0x5860;
0x00402ee8 addiu a3, zero, 0x107 | a3 = 0x107;
0x00402eec lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402ef0 move t9, t8 | t9 = t8;
0x00402ef4 jalr t9 | t9 ();
0x00402ef8 nop |
0x00402efc lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402f00 sw zero, 0x10(sp) | *(var_10h) = 0;
0x00402f04 lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00402f08 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.pairwise_cipher */
0x00402f0c addiu a1, t8, -0x6e8c | a1 = t8 + -0x6e8c;
0x00402f10 lw a2, 0x34(fp) | a2 = *(arg_34h);
0x00402f14 addiu a3, zero, 0x400 | a3 = 0x400;
0x00402f18 lw t8, -0x7fd8(gp) | t8 = sym.wps_go_get_key_parameter_from_memory_char_const__char_const__char__int__char_const_;
0x00402f1c move t9, t8 | t9 = t8;
0x00402f20 jalr t9 | t9 ();
0x00402f24 nop |
0x00402f28 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402f2c move t8, v0 | t8 = v0;
0x00402f30 sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402f34 addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x00402f38 move a0, t8 | a0 = t8;
0x00402f3c lw a1, 0x3c(fp) | a1 = *(arg_3ch);
0x00402f40 addiu a2, zero, 0x10 | a2 = 0x10;
0x00402f44 lw t8, -0x7ed4(gp) | t8 = sym.imp.strncpy;
0x00402f48 move t9, t8 | t9 = t8;
0x00402f4c jalr t9 | t9 ();
0x00402f50 nop |
0x00402f54 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402f58 sw zero, 0x10(sp) | *(var_10h) = 0;
0x00402f5c lw a0, 0x30(fp) | a0 = *(arg_30h);
0x00402f60 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.group_cipher */
0x00402f64 addiu a1, t8, -0x6e78 | a1 = t8 + -0x6e78;
0x00402f68 lw a2, 0x34(fp) | a2 = *(arg_34h);
0x00402f6c addiu a3, zero, 0x400 | a3 = 0x400;
0x00402f70 lw t8, -0x7fd8(gp) | t8 = sym.wps_go_get_key_parameter_from_memory_char_const__char_const__char__int__char_const_;
0x00402f74 move t9, t8 | t9 = t8;
0x00402f78 jalr t9 | t9 ();
0x00402f7c nop |
0x00402f80 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402f84 move t8, v0 | t8 = v0;
0x00402f88 sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00402f8c addiu t8, fp, 0x54 | t8 = fp + 0x54;
0x00402f90 move a0, t8 | a0 = t8;
0x00402f94 lw a1, 0x3c(fp) | a1 = *(arg_3ch);
0x00402f98 addiu a2, zero, 0x10 | a2 = 0x10;
0x00402f9c lw t8, -0x7ed4(gp) | t8 = sym.imp.strncpy;
0x00402fa0 move t9, t8 | t9 = t8;
0x00402fa4 jalr t9 | t9 ();
0x00402fa8 nop |
0x00402fac lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402fb0 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00402fb4 lw v1, (t8) | v1 = *(t8);
0x00402fb8 addiu v0, fp, 0x44 | v0 = fp + 0x44;
0x00402fbc addiu t8, fp, 0x54 | t8 = fp + 0x54;
0x00402fc0 move a0, v1 | a0 = v1;
0x00402fc4 lw v1, -0x7fdc(gp) | v1 = *((gp - 8183));
| /* str.pairwise_s_ngroup_s_n */
0x00402fc8 addiu a1, v1, -0x6e68 | a1 = v1 + -0x6e68;
0x00402fcc move a2, v0 | a2 = v0;
0x00402fd0 move a3, t8 | a3 = t8;
0x00402fd4 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00402fd8 move t9, t8 | t9 = t8;
0x00402fdc jalr t9 | t9 ();
0x00402fe0 nop |
0x00402fe4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00402fe8 addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x00402fec move a0, t8 | a0 = t8;
0x00402ff0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.CCMP */
0x00402ff4 addiu a1, t8, -0x6e50 | a1 = t8 + -0x6e50;
0x00402ff8 lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x00402ffc move t9, t8 | t9 = t8;
0x00403000 jalr t9 | t9 ();
0x00403004 nop |
0x00403008 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040300c move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00403010 bnez t8, 0x40305c |
0x00403014 nop |
0x00403018 addiu t8, fp, 0x54 | t8 = fp + 0x54;
0x0040301c move a0, t8 | a0 = t8;
0x00403020 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.CCMP */
0x00403024 addiu a1, t8, -0x6e50 | a1 = t8 + -0x6e50;
0x00403028 lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x0040302c move t9, t8 | t9 = t8;
0x00403030 jalr t9 | t9 ();
0x00403034 nop |
0x00403038 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040303c move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x00403040 bnez t8, 0x40305c | goto label_7;
| }
0x00403044 nop |
0x00403048 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x0040304c addiu v0, zero, 3 | v0 = 3;
0x00403050 sw v0, 0x34(t8) | *((t8 + 52)) = v0;
0x00403054 b 0x4030c8 | goto label_8;
0x00403058 nop |
| }
| label_7:
0x0040305c addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x00403060 move a0, t8 | a0 = t8;
0x00403064 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.TKIP */
0x00403068 addiu a1, t8, -0x6e48 | a1 = t8 + -0x6e48;
0x0040306c lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x00403070 move t9, t8 | t9 = t8;
0x00403074 jalr t9 | t9 ();
0x00403078 nop |
0x0040307c lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403080 move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x00403084 bnez t8, 0x4030c8 |
0x00403088 nop |
0x0040308c addiu t8, fp, 0x54 | t8 = fp + 0x54;
0x00403090 move a0, t8 | a0 = t8;
0x00403094 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.TKIP */
0x00403098 addiu a1, t8, -0x6e48 | a1 = t8 + -0x6e48;
0x0040309c lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x004030a0 move t9, t8 | t9 = t8;
0x004030a4 jalr t9 | t9 ();
0x004030a8 nop |
0x004030ac lw gp, 0x18(fp) | gp = *(arg_18h);
0x004030b0 move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x004030b4 bnez t8, 0x4030c8 | goto label_8;
| }
0x004030b8 nop |
0x004030bc lw t8, 0x24(fp) | t8 = *(arg_24h);
0x004030c0 addiu v0, zero, 2 | v0 = 2;
0x004030c4 sw v0, 0x34(t8) | *((t8 + 52)) = v0;
| }
| label_8:
0x004030c8 addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x004030cc move a0, t8 | a0 = t8;
0x004030d0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.CCMP */
0x004030d4 addiu a1, t8, -0x6e50 | a1 = t8 + -0x6e50;
0x004030d8 lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x004030dc move t9, t8 | t9 = t8;
0x004030e0 jalr t9 | t9 ();
0x004030e4 nop |
0x004030e8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004030ec move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x004030f0 bnez t8, 0x403134 |
0x004030f4 nop |
0x004030f8 addiu t8, fp, 0x54 | t8 = fp + 0x54;
0x004030fc move a0, t8 | a0 = t8;
0x00403100 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.TKIP */
0x00403104 addiu a1, t8, -0x6e48 | a1 = t8 + -0x6e48;
0x00403108 lw t8, -0x7f18(gp) | t8 = sym.imp.strcmp;
0x0040310c move t9, t8 | t9 = t8;
0x00403110 jalr t9 | t9 ();
0x00403114 nop |
0x00403118 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040311c move t8, v0 | t8 = v0;
| if (t8 != 0) {
0x00403120 bnez t8, 0x403134 | goto label_9;
| }
0x00403124 nop |
0x00403128 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x0040312c addiu v0, zero, 3 | v0 = 3;
0x00403130 sw v0, 0x34(t8) | *((t8 + 52)) = v0;
| }
| label_9:
0x00403134 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x00403138 lw v0, (t8) | v0 = *(t8);
0x0040313c lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00403140 lw t8, 0x34(t8) | t8 = *((t8 + 13));
0x00403144 move a0, v0 | a0 = v0;
0x00403148 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str.wlan_config__SecMethod:__d__n */
0x0040314c addiu a1, v0, -0x6e40 | a1 = v0 + -0x6e40;
0x00403150 move a2, t8 | a2 = t8;
0x00403154 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x00403158 move t9, t8 | t9 = t8;
0x0040315c jalr t9 | t9 ();
0x00403160 nop |
0x00403164 lw gp, 0x18(fp) | gp = *(arg_18h);
0x00403168 lw t8, -0x7e94(gp) | t8 = *((gp - 8101));
0x0040316c lw t8, (t8) | t8 = *(t8);
0x00403170 move a0, t8 | a0 = t8;
0x00403174 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str._s__d__n */
0x00403178 addiu a1, t8, -0x6f24 | a1 = t8 + -0x6f24;
0x0040317c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.wps_go_read_wlan_config_by_wpa_cli */
0x00403180 addiu a2, t8, -0x5860 | a2 = t8 + -0x5860;
0x00403184 addiu a3, zero, 0x11c | a3 = 0x11c;
0x00403188 lw t8, -0x7ef0(gp) | t8 = sym.imp.fprintf;
0x0040318c move t9, t8 | t9 = t8;
0x00403190 jalr t9 | t9 ();
0x00403194 nop |
0x00403198 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040319c lw a0, 0x30(fp) | a0 = *(arg_30h);
0x004031a0 lw t8, -0x7f24(gp) | t8 = sym.imp.free;
0x004031a4 move t9, t8 | t9 = t8;
0x004031a8 jalr t9 | t9 ();
0x004031ac nop |
0x004031b0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004031b4 lw a0, 0x34(fp) | a0 = *(arg_34h);
0x004031b8 lw t8, -0x7f24(gp) | t8 = sym.imp.free;
0x004031bc move t9, t8 | t9 = t8;
0x004031c0 jalr t9 | t9 ();
0x004031c4 nop |
0x004031c8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x004031cc move t8, zero | t8 = 0;
| label_0:
0x004031d0 move v0, t8 | v0 = t8;
0x004031d4 lw t8, -0x7e18(gp) | t8 = *((gp - 8070));
0x004031d8 lw v1, 0x64(fp) | v1 = *(arg_64h);
0x004031dc lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x004031e0 beq v1, t8, 0x4031f8 |
0x004031e4 nop |
0x004031e8 lw t8, -0x7ea8(gp) | t8 = sym.imp.__stack_chk_fail;
0x004031ec move t9, t8 | t9 = t8;
0x004031f0 jalr t9 | t9 ();
0x004031f4 nop |
| }
0x004031f8 move sp, fp |
0x004031fc lw ra, 0x6c(sp) | ra = *(var_6ch);
0x00403200 lw fp, 0x68(sp) | fp = *(var_68h);
0x00403204 addiu sp, sp, 0x70 |
0x00403208 jr ra | return v1;
0x0040320c nop |
| }
[*] Function strcpy used 4 times start_wps
