[*] Binary protection state of wifiAutoReconnect
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function strcpy tear down of wifiAutoReconnect
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/wifiAutoReconnect @ 0x403a44 */
| #include <stdint.h>
|
; (fcn) sym.GetIfHwAddr_char_const__unsigned_char_ () | void GetIfHwAddr_char_const_unsigned_char_ () {
| /* GetIfHwAddr(char const*, unsigned char*) */
| /* Review summary: opens socket(2, 1, 0), copies the caller's string (a0) into a stack request block, */
| /* issues ioctl 0x8927 on it (the failure string below names the request SIOCGIFHWADDR) and, on success, */
| /* copies 6 bytes from offset 0x12 of that block to the caller's buffer (a1). */
| /* Status ends up in v0: 0 on success, -1 when socket() or ioctl() returns a negative value. */
| /* Frame (0x50 bytes, fp == sp): 0x18 = a1, 0x1c = a0, 0x20 = socket fd, 0x24..0x43 = request block, */
| /* 0x44 = stack-protector canary copy, 0x48 = saved fp, 0x4c = saved ra. */
0x00403a44 lui gp, 2 |
0x00403a48 addiu gp, gp, 0x15ec |
0x00403a4c addu gp, gp, t9 | gp += t9;
0x00403a50 addiu sp, sp, -0x50 |
0x00403a54 sw ra, 0x4c(sp) | *(var_4ch) = ra;
0x00403a58 sw fp, 0x48(sp) | *(var_48h) = fp;
0x00403a5c move fp, sp | fp = sp;
0x00403a60 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00403a64 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00403a68 sw a1, 0x18(fp) | *(arg_18h) = a1;
| /* Stack-protector prologue: load the guard value through a gp-relative pointer and keep a copy at fp+0x44. */
0x00403a6c lw t8, -0x7dd0(gp) | t8 = *((gp - 8052));
0x00403a70 lw t8, (t8) | t8 = *(t8);
0x00403a74 sw t8, 0x44(fp) | *(arg_44h) = t8;
0x00403a78 addiu a0, zero, 2 | a0 = 2;
0x00403a7c addiu a1, zero, 1 | a1 = 1;
0x00403a80 move a2, zero | a2 = 0;
0x00403a84 lw t8, -0x7ed0(gp) | t8 = sym.imp.socket;
0x00403a88 move t9, t8 | t9 = t8;
0x00403a8c jalr t9 | t9 ();
0x00403a90 nop |
0x00403a94 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403a98 sw v0, 0x20(fp) | *(arg_20h) = v0;
0x00403a9c lw t8, 0x20(fp) | t8 = *(arg_20h);
| /* srl by 31 isolates the sign bit: non-zero means socket() returned a negative value. */
0x00403aa0 srl t8, t8, 0x1f | t8 >>= 0x1f;
0x00403aa4 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00403aa8 beqz t8, 0x403abc |
0x00403aac nop |
0x00403ab0 addiu t8, zero, -1 | t8 = -1;
0x00403ab4 b 0x403bd4 | goto label_0;
0x00403ab8 nop |
| }
| /* NOTE(review): unbounded strcpy(fp+0x24, a0). No length check on a0 is visible in this function, and only */
| /* 0x20 bytes separate the destination from the canary copy at fp+0x44 (saved fp and ra follow at 0x48/0x4c). */
| /* If the block is a struct ifreq (TODO confirm), its name field is 16 bytes, so a 16+ character name already */
| /* spills into the address union before the ioctl. A linear overrun past 0x20 bytes would be caught by the */
| /* canary compare at label_0; the report header lists "NX disabled" and "No PIE", so that compare is the main */
| /* guard on this path. Whether a0 can carry untrusted data depends on callers not shown here. */
| /* Source-level fix: reject over-long names or use a bounded copy sized to the name field with explicit NUL. */
0x00403abc addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00403ac0 move a0, t8 | a0 = t8;
0x00403ac4 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x00403ac8 lw t8, -0x7f20(gp) | t8 = sym.imp.strcpy
0x00403acc move t9, t8 | t9 = t8;
0x00403ad0 jalr t9 | t9 ();
0x00403ad4 nop |
0x00403ad8 lw gp, 0x10(fp) | gp = *(arg_10h);
| /* ioctl(fd, 0x8927, fp+0x24): the request block filled by the strcpy above is handed to the kernel. */
0x00403adc addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00403ae0 lw a0, 0x20(fp) | a0 = *(arg_20h);
0x00403ae4 ori a1, zero, 0x8927 | a1 = 0x8927;
0x00403ae8 move a2, t8 | a2 = t8;
0x00403aec lw t8, -0x7e0c(gp) | t8 = sym.imp.ioctl;
0x00403af0 move t9, t8 | t9 = t8;
0x00403af4 jalr t9 | t9 ();
0x00403af8 nop |
0x00403afc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403b00 move t8, v0 | t8 = v0;
0x00403b04 srl t8, t8, 0x1f | t8 >>= 0x1f;
0x00403b08 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00403b0c beqz t8, 0x403b90 |
0x00403b10 nop |
| /* Failure path: printf(<constant format string>, strerror(errno)), close(fd), status = -1. */
| /* The format string is a fixed .rodata-style reference, not caller data. */
0x00403b14 lw t8, -0x7dcc(gp) | t8 = sym.imp.__errno_location;
0x00403b18 move t9, t8 | t9 = t8;
0x00403b1c jalr t9 | t9 ();
0x00403b20 nop |
0x00403b24 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403b28 move t8, v0 | t8 = v0;
0x00403b2c lw t8, (t8) | t8 = *(t8);
0x00403b30 move a0, t8 | a0 = t8;
0x00403b34 lw t8, -0x7f00(gp) | t8 = sym.imp.strerror;
0x00403b38 move t9, t8 | t9 = t8;
0x00403b3c jalr t9 | t9 ();
0x00403b40 nop |
0x00403b44 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403b48 move t8, v0 | t8 = v0;
0x00403b4c lw v0, -0x7fd4(gp) | v0 = *((gp - 8181));
| /* str.SIOCGIFHWADDR_fail:_s_n */
0x00403b50 addiu a0, v0, -0x5334 | a0 = v0 + -0x5334;
0x00403b54 move a1, t8 | a1 = t8;
0x00403b58 lw t8, -0x7f08(gp) | t8 = sym.imp.printf;
0x00403b5c move t9, t8 | t9 = t8;
0x00403b60 jalr t9 | t9 ();
0x00403b64 nop |
0x00403b68 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403b6c lw a0, 0x20(fp) | a0 = *(arg_20h);
0x00403b70 lw t8, -0x7e88(gp) | t8 = sym.imp.close;
0x00403b74 move t9, t8 | t9 = t8;
0x00403b78 jalr t9 | t9 ();
0x00403b7c nop |
0x00403b80 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403b84 addiu t8, zero, -1 | t8 = -1;
0x00403b88 b 0x403bd4 | goto label_0;
0x00403b8c nop |
| }
| /* Success path: memcpy(a1, fp+0x24+0x12, 6) with a fixed length of 6, then close(fd), status = 0. */
| /* Offset 0x12 would be the hardware-address bytes if the block is a struct ifreq (TODO confirm). */
| /* The caller's buffer must hold at least 6 bytes; that is not checked here. */
0x00403b90 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00403b94 addiu t8, t8, 0x12 | t8 += 0x12;
0x00403b98 lw a0, 0x18(fp) | a0 = *(arg_18h);
0x00403b9c move a1, t8 | a1 = t8;
0x00403ba0 addiu a2, zero, 6 | a2 = 6;
0x00403ba4 lw t8, -0x7de0(gp) | t8 = sym.imp.memcpy;
0x00403ba8 move t9, t8 | t9 = t8;
0x00403bac jalr t9 | t9 ();
0x00403bb0 nop |
0x00403bb4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403bb8 lw a0, 0x20(fp) | a0 = *(arg_20h);
0x00403bbc lw t8, -0x7e88(gp) | t8 = sym.imp.close;
0x00403bc0 move t9, t8 | t9 = t8;
0x00403bc4 jalr t9 | t9 ();
0x00403bc8 nop |
0x00403bcc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00403bd0 move t8, zero | t8 = 0;
| /* Common exit: status moves to v0, then the canary copy at fp+0x44 is compared with the live guard value; */
| /* a mismatch calls __stack_chk_fail instead of returning through the saved ra. */
| label_0:
0x00403bd4 move v0, t8 | v0 = t8;
0x00403bd8 lw t8, -0x7dd0(gp) | t8 = *((gp - 8052));
0x00403bdc lw v1, 0x44(fp) | v1 = *(arg_44h);
0x00403be0 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00403be4 beq v1, t8, 0x403bfc |
0x00403be8 nop |
0x00403bec lw t8, -0x7e60(gp) | t8 = sym.imp.__stack_chk_fail;
0x00403bf0 move t9, t8 | t9 = t8;
0x00403bf4 jalr t9 | t9 ();
0x00403bf8 nop |
| }
0x00403bfc move sp, fp |
0x00403c00 lw ra, 0x4c(sp) | ra = *(var_4ch);
0x00403c04 lw fp, 0x48(sp) | fp = *(var_48h);
0x00403c08 addiu sp, sp, 0x50 |
| /* Decompiler artefact: "return v1" is misleading; the status was placed in v0 at 0x403bd4, v1 holds the canary copy. */
0x00403c0c jr ra | return v1;
0x00403c10 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/wifiAutoReconnect @ 0x404738 */
| #include <stdint.h>
|
; (fcn) sym.rt_staConnStatus_int_ () | void rt_staConnStatus_int_ () {
| /* rt_staConnStatus(int*) */
| /* Review summary: zeroes a result word at fp+0x20, opens socket(2, 1, 0), builds a request block at fp+0x28 */
| /* whose name comes from a 4-byte local constant, and issues ioctl 0x8be1 with a pointer to the result word. */
| /* On success the result word is stored through the caller's pointer (a0) and v0 = 0; on socket() or ioctl() */
| /* failure perror() is called and v0 = -1. */
| /* Frame (0x70 bytes, fp == sp): 0x1c = a0, 0x20 = result word, 0x24 = socket fd, 0x28.. = request block, */
| /* 0x48 = constant name source, 0x64 = stack-protector canary copy, 0x68 = saved fp, 0x6c = saved ra. */
0x00404738 lui gp, 2 |
0x0040473c addiu gp, gp, 0x8f8 |
0x00404740 addu gp, gp, t9 | gp += t9;
0x00404744 addiu sp, sp, -0x70 |
0x00404748 sw ra, 0x6c(sp) | *(var_6ch) = ra;
0x0040474c sw fp, 0x68(sp) | *(var_68h) = fp;
0x00404750 move fp, sp | fp = sp;
0x00404754 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00404758 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
| /* Stack-protector prologue: copy of the guard value is kept at fp+0x64. */
0x0040475c lw t8, -0x7dd0(gp) | t8 = *((gp - 8052));
0x00404760 lw t8, (t8) | t8 = *(t8);
0x00404764 sw t8, 0x64(fp) | *(arg_64h) = t8;
| /* Result word is initialised to 0 before the ioctl, so a failed request cannot leak stale stack data. */
0x00404768 sw zero, 0x20(fp) | *(arg_20h) = 0;
0x0040476c addiu a0, zero, 2 | a0 = 2;
0x00404770 addiu a1, zero, 1 | a1 = 1;
0x00404774 move a2, zero | a2 = 0;
0x00404778 lw t8, -0x7ed0(gp) | t8 = sym.imp.socket;
0x0040477c move t9, t8 | t9 = t8;
0x00404780 jalr t9 | t9 ();
0x00404784 nop |
0x00404788 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040478c sw v0, 0x24(fp) | *(arg_24h) = v0;
0x00404790 lw t8, 0x24(fp) | t8 = *(arg_24h);
| if (t8 < 0) {
0x00404794 bgez t8, 0x4047c4 |
0x00404798 nop |
0x0040479c lw t8, -0x7fd4(gp) | t8 = *((gp - 8181));
| /* str.rt_staConnStatus */
0x004047a0 addiu a0, t8, -0x517c | a0 = t8 + -0x517c;
0x004047a4 lw t8, -0x7ea8(gp) | t8 = sym.imp.perror;
0x004047a8 move t9, t8 | t9 = t8;
0x004047ac jalr t9 | t9 ();
0x004047b0 nop |
0x004047b4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004047b8 addiu t8, zero, -1 | t8 = -1;
0x004047bc b 0x4048b4 | goto label_0;
0x004047c0 nop |
| }
| /* The word 0x00306172 is written to fp+0x48. Assuming a little-endian target (the squashfs_v4_le path */
| /* suggests it; TODO confirm) the bytes in memory are 72 61 30 00, i.e. "ra0" plus a NUL terminator. */
0x004047c4 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x004047c8 lui v0, 0x30 | v0 = 0x306172;
0x004047cc ori v0, v0, 0x6172 |
0x004047d0 sw v0, (t8) | *(t8) = v0;
| /* NOTE(review): strcpy(fp+0x28, fp+0x48). Unlike the other strcpy call sites in this report, the source is */
| /* the constant just written above, not a function argument, so under the little-endian assumption the copy */
| /* is 4 bytes and stays inside the request block. Low priority for triage; a bounded copy would still make */
| /* the intent explicit. */
0x004047d4 addiu v0, fp, 0x28 | v0 = fp + 0x28;
0x004047d8 addiu t8, fp, 0x48 | t8 = fp + 0x48;
0x004047dc move a0, v0 | a0 = v0;
0x004047e0 move a1, t8 | a1 = t8;
0x004047e4 lw t8, -0x7f20(gp) | t8 = sym.imp.strcpy
0x004047e8 move t9, t8 | t9 = t8;
0x004047ec jalr t9 | t9 ();
0x004047f0 nop |
0x004047f4 lw gp, 0x10(fp) | gp = *(arg_10h);
| /* Request fields written after the name: halfword 4 at +0x3c, pointer to the result word (fp+0x20) at +0x38, */
| /* halfword 0x60b at +0x3e. This looks like a wireless-extensions iwreq data {pointer, length, flags} triple, */
| /* and 0x8be1 falls in the driver-private ioctl range (TODO confirm against the driver headers). */
0x004047f8 addiu t8, zero, 4 | t8 = 4;
0x004047fc sh t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00404800 addiu t8, fp, 0x20 | t8 = fp + 0x20;
0x00404804 sw t8, 0x38(fp) | *(arg_38h) = t8;
0x00404808 addiu t8, zero, 0x60b | t8 = 0x60b;
0x0040480c sh t8, 0x3e(fp) | *(arg_3eh) = t8;
0x00404810 addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x00404814 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00404818 ori a1, zero, 0x8be1 | a1 = 0x8be1;
0x0040481c move a2, t8 | a2 = t8;
0x00404820 lw t8, -0x7e0c(gp) | t8 = sym.imp.ioctl;
0x00404824 move t9, t8 | t9 = t8;
0x00404828 jalr t9 | t9 ();
0x0040482c nop |
0x00404830 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404834 move t8, v0 | t8 = v0;
| /* Sign-bit test on the ioctl return value: non-zero means it was negative. */
0x00404838 srl t8, t8, 0x1f | t8 >>= 0x1f;
0x0040483c andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00404840 beqz t8, 0x404888 |
0x00404844 nop |
0x00404848 lw t8, -0x7fd4(gp) | t8 = *((gp - 8181));
| /* str.OID_GEN_MEDIA_CONNECT_STATUS */
0x0040484c addiu a0, t8, -0x5168 | a0 = t8 + -0x5168;
0x00404850 lw t8, -0x7ea8(gp) | t8 = sym.imp.perror;
0x00404854 move t9, t8 | t9 = t8;
0x00404858 jalr t9 | t9 ();
0x0040485c nop |
0x00404860 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404864 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00404868 lw t8, -0x7e88(gp) | t8 = sym.imp.close;
0x0040486c move t9, t8 | t9 = t8;
0x00404870 jalr t9 | t9 ();
0x00404874 nop |
0x00404878 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040487c addiu t8, zero, -1 | t8 = -1;
0x00404880 b 0x4048b4 | goto label_0;
0x00404884 nop |
| }
| /* Success path: *a0 = result word. The caller's pointer is dereferenced without a NULL check. */
0x00404888 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0040488c move v0, t8 | v0 = t8;
0x00404890 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x00404894 sw v0, (t8) | *(t8) = v0;
0x00404898 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x0040489c lw t8, -0x7e88(gp) | t8 = sym.imp.close;
0x004048a0 move t9, t8 | t9 = t8;
0x004048a4 jalr t9 | t9 ();
0x004048a8 nop |
0x004048ac lw gp, 0x10(fp) | gp = *(arg_10h);
0x004048b0 move t8, zero | t8 = 0;
| /* Common exit: status moves to v0, then the canary copy at fp+0x64 is checked against the live guard value. */
| label_0:
0x004048b4 move v0, t8 | v0 = t8;
0x004048b8 lw t8, -0x7dd0(gp) | t8 = *((gp - 8052));
0x004048bc lw v1, 0x64(fp) | v1 = *(arg_64h);
0x004048c0 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x004048c4 beq v1, t8, 0x4048dc |
0x004048c8 nop |
0x004048cc lw t8, -0x7e60(gp) | t8 = sym.imp.__stack_chk_fail;
0x004048d0 move t9, t8 | t9 = t8;
0x004048d4 jalr t9 | t9 ();
0x004048d8 nop |
| }
0x004048dc move sp, fp |
0x004048e0 lw ra, 0x6c(sp) | ra = *(var_6ch);
0x004048e4 lw fp, 0x68(sp) | fp = *(var_68h);
0x004048e8 addiu sp, sp, 0x70 |
| /* Decompiler artefact: "return v1" is misleading; the status was placed in v0 at 0x4048b4, v1 holds the canary copy. */
0x004048ec jr ra | return v1;
0x004048f0 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/wifiAutoReconnect @ 0x4049c8 */
| #include <stdint.h>
|
; (fcn) sym.wifiCheckLinkApCli_char_ () | void wifiCheckLinkApCli_char_ () {
| /* wifiCheckLinkApCli(char*) */
| /* Review summary: opens socket(2, 1, 0), zeroes a 0x20-byte request block at fp+0x2c, copies the caller's */
| /* string (a0) into it, issues ioctl 0x8be1 with a pointer to a result word at fp+0x24, closes the socket and */
| /* returns 1 in v0 only when that result word equals 1; every other path (including socket failure) returns 0. */
| /* Frame (0x58 bytes, fp == sp): 0x1c = a0, 0x24 = result word, 0x28 = socket fd, 0x2c..0x4b = request block, */
| /* 0x4c = stack-protector canary copy, 0x50 = saved fp, 0x54 = saved ra. */
0x004049c8 lui gp, 2 |
0x004049cc addiu gp, gp, 0x668 |
0x004049d0 addu gp, gp, t9 | gp += t9;
0x004049d4 addiu sp, sp, -0x58 |
0x004049d8 sw ra, 0x54(sp) | *(var_54h) = ra;
0x004049dc sw fp, 0x50(sp) | *(var_50h) = fp;
0x004049e0 move fp, sp | fp = sp;
0x004049e4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x004049e8 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
| /* Stack-protector prologue: copy of the guard value is kept at fp+0x4c. */
0x004049ec lw t8, -0x7dd0(gp) | t8 = *((gp - 8052));
0x004049f0 lw t8, (t8) | t8 = *(t8);
0x004049f4 sw t8, 0x4c(fp) | *(arg_4ch) = t8;
0x004049f8 addiu a0, zero, 2 | a0 = 2;
0x004049fc addiu a1, zero, 1 | a1 = 1;
0x00404a00 move a2, zero | a2 = 0;
0x00404a04 lw t8, -0x7ed0(gp) | t8 = sym.imp.socket;
0x00404a08 move t9, t8 | t9 = t8;
0x00404a0c jalr t9 | t9 ();
0x00404a10 nop |
0x00404a14 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404a18 sw v0, 0x28(fp) | *(arg_28h) = v0;
0x00404a1c lw t8, 0x28(fp) | t8 = *(arg_28h);
| if (t8 < 0) {
0x00404a20 bgez t8, 0x404a34 |
0x00404a24 nop |
0x00404a28 move t8, zero | t8 = 0;
0x00404a2c b 0x404b04 | goto label_0;
0x00404a30 nop |
| }
| /* memset(fp+0x2c, 0, 0x20): clears exactly the 0x20 bytes between the block start and the canary slot. */
0x00404a34 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404a38 move a0, t8 | a0 = t8;
0x00404a3c move a1, zero | a1 = 0;
0x00404a40 addiu a2, zero, 0x20 | a2 = 0x20;
0x00404a44 lw t8, -0x7ea4(gp) | t8 = sym.imp.memset;
0x00404a48 move t9, t8 | t9 = t8;
0x00404a4c jalr t9 | t9 ();
0x00404a50 nop |
0x00404a54 lw gp, 0x10(fp) | gp = *(arg_10h);
| /* NOTE(review): unbounded strcpy(fp+0x2c, a0). No length check on a0 is visible in this function; the block */
| /* was sized at 0x20 bytes by the memset above and the canary copy sits directly after it at fp+0x4c, followed */
| /* by saved fp and ra. The stores at +0x3c/+0x40/+0x42 below land inside the same block, so any name of 16+ */
| /* characters is already corrupted by them before the ioctl. A linear overrun past 0x20 bytes would be caught */
| /* by the canary compare at label_0; the report header lists "NX disabled" and "No PIE", so that compare is the */
| /* main guard on this path. Whether a0 can carry untrusted data depends on callers not shown here. */
| /* Source-level fix: reject over-long names or use a bounded copy sized to the name field with explicit NUL. */
0x00404a58 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404a5c move a0, t8 | a0 = t8;
0x00404a60 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x00404a64 lw t8, -0x7f20(gp) | t8 = sym.imp.strcpy
0x00404a68 move t9, t8 | t9 = t8;
0x00404a6c jalr t9 | t9 ();
0x00404a70 nop |
0x00404a74 lw gp, 0x10(fp) | gp = *(arg_10h);
| /* Request fields: halfword 4 at +0x40, pointer to the result word (fp+0x24) at +0x3c, halfword 0x626 at +0x42. */
| /* Same {pointer, length, flags} shape and same ioctl number 0x8be1 as rt_staConnStatus in this report. */
0x00404a78 addiu t8, zero, 4 | t8 = 4;
0x00404a7c sh t8, 0x40(fp) | *(arg_40h) = t8;
0x00404a80 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00404a84 sw t8, 0x3c(fp) | *(arg_3ch) = t8;
0x00404a88 addiu t8, zero, 0x626 | t8 = 0x626;
0x00404a8c sh t8, 0x42(fp) | *(arg_42h) = t8;
0x00404a90 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00404a94 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x00404a98 ori a1, zero, 0x8be1 | a1 = 0x8be1;
0x00404a9c move a2, t8 | a2 = t8;
0x00404aa0 lw t8, -0x7e0c(gp) | t8 = sym.imp.ioctl;
0x00404aa4 move t9, t8 | t9 = t8;
0x00404aa8 jalr t9 | t9 ();
0x00404aac nop |
| /* NOTE(review): the ioctl return value in v0 is never tested; the code goes straight to close(fd). */
| /* The result word at fp+0x24 is also never written by this function before it is read at 0x404acc, so if the */
| /* ioctl fails without filling it, the returned link state depends on leftover stack contents. */
| /* rt_staConnStatus in this report zeroes its result word and checks the ioctl result; doing the same here */
| /* would make the failure case deterministic. */
0x00404ab0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404ab4 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x00404ab8 lw t8, -0x7e88(gp) | t8 = sym.imp.close;
0x00404abc move t9, t8 | t9 = t8;
0x00404ac0 jalr t9 | t9 ();
0x00404ac4 nop |
0x00404ac8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404acc lw v0, 0x24(fp) | v0 = *(arg_24h);
0x00404ad0 addiu t8, zero, 1 | t8 = 1;
| if (v0 == t8) {
0x00404ad4 bne v0, t8, 0x404ae8 |
0x00404ad8 nop |
0x00404adc addiu t8, zero, 1 | t8 = 1;
0x00404ae0 b 0x404b04 | goto label_0;
0x00404ae4 nop |
| }
| /* Both remaining paths set the status to 0: the explicit "== 0" branch and the fall-through are equivalent. */
0x00404ae8 lw t8, 0x24(fp) | t8 = *(arg_24h);
| if (t8 == 0) {
0x00404aec bnez t8, 0x404b00 |
0x00404af0 nop |
0x00404af4 move t8, zero | t8 = 0;
0x00404af8 b 0x404b04 | goto label_0;
0x00404afc nop |
| }
0x00404b00 move t8, zero | t8 = 0;
| /* Common exit: status moves to v0, then the canary copy at fp+0x4c is checked against the live guard value. */
| label_0:
0x00404b04 move v0, t8 | v0 = t8;
0x00404b08 lw t8, -0x7dd0(gp) | t8 = *((gp - 8052));
0x00404b0c lw v1, 0x4c(fp) | v1 = *(arg_4ch);
0x00404b10 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00404b14 beq v1, t8, 0x404b2c |
0x00404b18 nop |
0x00404b1c lw t8, -0x7e60(gp) | t8 = sym.imp.__stack_chk_fail;
0x00404b20 move t9, t8 | t9 = t8;
0x00404b24 jalr t9 | t9 ();
0x00404b28 nop |
| }
0x00404b2c move sp, fp |
0x00404b30 lw ra, 0x54(sp) | ra = *(var_54h);
0x00404b34 lw fp, 0x50(sp) | fp = *(var_50h);
0x00404b38 addiu sp, sp, 0x58 |
| /* Decompiler artefact: "return v1" is misleading; the status was placed in v0 at 0x404b04, v1 holds the canary copy. */
0x00404b3c jr ra | return v1;
0x00404b40 nop |
| }
[*] Function strcpy used 4 times wifiAutoReconnect