[*] Binary protection state of setsystz
Full RELRO Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function fprintf tear down of setsystz
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/setsystz @ 0x400f04 */
| #include <stdint.h>
|
; (fcn) main () | int32_t main () {
0x00400f04 lui gp, 2 |
0x00400f08 addiu gp, gp, -0x2ee4 |
0x00400f0c addu gp, gp, t9 | gp += t9;
0x00400f10 addiu sp, sp, -0x40 |
0x00400f14 sw ra, 0x3c(sp) | *(var_3ch) = ra;
0x00400f18 sw fp, 0x38(sp) | *(var_38h) = fp;
0x00400f1c move fp, sp | fp = sp;
0x00400f20 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00400f24 sw a0, 0x1c(fp) | *(arg_1ch) = a0;
0x00400f28 sw a1, 0x18(fp) | *(arg_18h) = a1;
0x00400f2c lw t8, -0x7f6c(gp) | t8 = *((gp - 8155));
0x00400f30 lw t8, (t8) | t8 = *(t8);
0x00400f34 sw t8, 0x34(fp) | *(arg_34h) = t8;
0x00400f38 lw t8, -0x7f68(gp) | t8 = sym.imp.apply_timezone__;
0x00400f3c move t9, t8 | t9 = t8;
0x00400f40 jalr t9 | t9 ();
0x00400f44 nop |
0x00400f48 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400f4c sw zero, 0x28(fp) | *(arg_28h) = 0;
0x00400f50 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x00400f54 addiu t8, zero, 1 | t8 = 1;
| if (v0 == t8) {
0x00400f58 bne v0, t8, 0x400f84 |
0x00400f5c nop |
0x00400f60 lw t8, -0x7fd8(gp) | t8 = sym.auto_minutes__;
0x00400f64 move t9, t8 | t9 = t8;
0x00400f68 jalr t9 | t9 ();
0x00400f6c nop |
0x00400f70 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400f74 move t8, v0 | t8 = v0;
0x00400f78 sw t8, 0x24(fp) | *(arg_24h) = t8;
0x00400f7c b 0x401070 | goto label_0;
0x00400f80 nop |
| }
0x00400f84 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x00400f88 addiu t8, zero, 2 | t8 = 2;
| if (v0 == t8) {
0x00400f8c bne v0, t8, 0x40102c |
0x00400f90 nop |
0x00400f94 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x00400f98 addiu t8, t8, 4 | t8 += 4;
0x00400f9c lw v0, (t8) | v0 = *(t8);
0x00400fa0 addiu t8, fp, 0x24 | t8 = fp + 0x24;
0x00400fa4 move a0, v0 | a0 = v0;
0x00400fa8 lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* esilref: '&d' */
0x00400fac addiu a1, v0, 0x50b4 | a1 = v0 + 0x50b4;
0x00400fb0 move a2, t8 | a2 = t8;
0x00400fb4 lw t8, -0x7f9c(gp) | t8 = sym.imp.sscanf;
0x00400fb8 move t9, t8 | t9 = t8;
0x00400fbc jalr t9 | t9 ();
0x00400fc0 nop |
0x00400fc4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400fc8 move t8, v0 | t8 = v0;
0x00400fcc xori t8, t8, 1 | t8 ^= 1;
0x00400fd0 sltu t8, zero, t8 | t8 = (0 < t8) ? 1 : 0;
0x00400fd4 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 == 0) {
0x00400fd8 beqz t8, 0x401070 | goto label_0;
| }
0x00400fdc nop |
0x00400fe0 lw t8, -0x7f90(gp) | t8 = *((gp - 8164));
0x00400fe4 lw v0, (t8) | v0 = *(t8);
0x00400fe8 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x00400fec addiu t8, t8, 4 | t8 += 4;
0x00400ff0 lw t8, (t8) | t8 = *(t8);
0x00400ff4 move a0, v0 | a0 = v0;
0x00400ff8 lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str.invalid_argument:__s_n */
0x00400ffc addiu a1, v0, 0x50b8 | a1 = v0 + 0x50b8;
0x00401000 move a2, t8 | a2 = t8;
0x00401004 lw t8, -0x7fa8(gp) | t8 = sym.imp.fprintf
0x00401008 move t9, t8 | t9 = t8;
0x0040100c jalr t9 | t9 ();
0x00401010 nop |
0x00401014 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401018 addiu a0, zero, 2 | a0 = 2;
0x0040101c lw t8, -0x7fb0(gp) | t8 = sym.imp.exit;
0x00401020 move t9, t8 | t9 = t8;
0x00401024 jalr t9 | t9 ();
0x00401028 nop |
| }
0x0040102c lw t8, -0x7f90(gp) | t8 = *((gp - 8164));
0x00401030 lw t8, (t8) | t8 = *(t8);
0x00401034 lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str.wrong_number_or_arguments_n */
0x00401038 addiu a0, v0, 0x50d0 | a0 = v0 + 0x50d0;
0x0040103c addiu a1, zero, 1 | a1 = 1;
0x00401040 addiu a2, zero, 0x1a | a2 = 0x1a;
0x00401044 move a3, t8 | a3 = t8;
0x00401048 lw t8, -0x7f70(gp) | t8 = sym.imp.fwrite;
0x0040104c move t9, t8 | t9 = t8;
0x00401050 jalr t9 | t9 ();
0x00401054 nop |
0x00401058 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040105c addiu a0, zero, 2 | a0 = 2;
0x00401060 lw t8, -0x7fb0(gp) | t8 = sym.imp.exit;
0x00401064 move t9, t8 | t9 = t8;
0x00401068 jalr t9 | t9 ();
0x0040106c nop |
| label_0:
0x00401070 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x00401074 move a0, t8 | a0 = t8;
0x00401078 move a1, zero | a1 = 0;
0x0040107c addiu a2, zero, 8 | a2 = 8;
0x00401080 lw t8, -0x7fa0(gp) | t8 = sym.imp.memset;
0x00401084 move t9, t8 | t9 = t8;
0x00401088 jalr t9 | t9 ();
0x0040108c nop |
0x00401090 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401094 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00401098 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
0x0040109c sw zero, 0x30(fp) | *(arg_30h) = 0;
0x004010a0 lw t8, -0x7f90(gp) | t8 = *((gp - 8164));
0x004010a4 lw v0, (t8) | v0 = *(t8);
0x004010a8 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x004010ac move a0, v0 | a0 = v0;
0x004010b0 lw v0, -0x7fdc(gp) | v0 = *(gp);
| /* str.setting_system_time_zone_to_tz_minuteswest_d_n */
0x004010b4 addiu a1, v0, 0x50ec | a1 = v0 + 0x50ec;
0x004010b8 move a2, t8 | a2 = t8;
0x004010bc lw t8, -0x7fa8(gp) | t8 = sym.imp.fprintf
0x004010c0 move t9, t8 | t9 = t8;
0x004010c4 jalr t9 | t9 ();
0x004010c8 nop |
0x004010cc lw gp, 0x10(fp) | gp = *(arg_10h);
0x004010d0 lw t8, -0x7fd4(gp) | t8 = sym.avoid_linux_braindeadness__;
0x004010d4 move t9, t8 | t9 = t8;
0x004010d8 jalr t9 | t9 ();
0x004010dc nop |
0x004010e0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004010e4 addiu t8, fp, 0x2c | t8 = fp + 0x2c;
0x004010e8 lw a0, 0x28(fp) | a0 = *(arg_28h);
0x004010ec move a1, t8 | a1 = t8;
0x004010f0 lw t8, -0x7f7c(gp) | t8 = sym.imp.settimeofday;
0x004010f4 move t9, t8 | t9 = t8;
0x004010f8 jalr t9 | t9 ();
0x004010fc nop |
0x00401100 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401104 move t8, v0 | t8 = v0;
0x00401108 addiu t8, t8, 1 | t8++;
0x0040110c sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0;
0x00401110 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x00401114 beqz t8, 0x40114c |
0x00401118 nop |
0x0040111c lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.settimeofday__ */
0x00401120 addiu a0, t8, 0x511c | a0 = t8 + 0x511c;
0x00401124 lw t8, -0x7fa4(gp) | t8 = sym.imp.perror;
0x00401128 move t9, t8 | t9 = t8;
0x0040112c jalr t9 | t9 ();
0x00401130 nop |
0x00401134 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00401138 addiu a0, zero, 1 | a0 = 1;
0x0040113c lw t8, -0x7fb0(gp) | t8 = sym.imp.exit;
0x00401140 move t9, t8 | t9 = t8;
0x00401144 jalr t9 | t9 ();
0x00401148 nop |
| }
0x0040114c move t8, zero | t8 = 0;
0x00401150 move v0, t8 | v0 = t8;
0x00401154 lw t8, -0x7f6c(gp) | t8 = *((gp - 8155));
0x00401158 lw v1, 0x34(fp) | v1 = *(arg_34h);
0x0040115c lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00401160 beq v1, t8, 0x401178 |
0x00401164 nop |
0x00401168 lw t8, -0x7f88(gp) | t8 = sym.imp.__stack_chk_fail;
0x0040116c move t9, t8 | t9 = t8;
0x00401170 jalr t9 | t9 ();
0x00401174 nop |
| }
0x00401178 move sp, fp |
0x0040117c lw ra, 0x3c(sp) | ra = *(var_3ch);
0x00401180 lw fp, 0x38(sp) | fp = *(var_38h);
0x00401184 addiu sp, sp, 0x40 |
0x00401188 jr ra | return v1;
0x0040118c nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/bin/setsystz @ 0x400cd0 */
| #include <stdint.h>
|
; (fcn) sym.auto_minutes__ () | void auto_minutes_ () {
| /* auto_minutes() */
0x00400cd0 lui gp, 2 |
0x00400cd4 addiu gp, gp, -0x2cb0 |
0x00400cd8 addu gp, gp, t9 | gp += t9;
0x00400cdc addiu sp, sp, -0x30 |
0x00400ce0 sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00400ce4 sw fp, 0x28(sp) | *(var_28h) = fp;
0x00400ce8 move fp, sp | fp = sp;
0x00400cec sw gp, 0x10(sp) | *(var_10h) = gp;
0x00400cf0 lw t8, -0x7f6c(gp) | t8 = *((gp - 8155));
0x00400cf4 lw t8, (t8) | t8 = *(t8);
0x00400cf8 sw t8, 0x24(fp) | *(arg_24h) = t8;
0x00400cfc move a0, zero | a0 = 0;
0x00400d00 lw t8, -0x7f8c(gp) | t8 = sym.imp.time;
0x00400d04 move t9, t8 | t9 = t8;
0x00400d08 jalr t9 | t9 ();
0x00400d0c nop |
0x00400d10 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400d14 move t8, v0 | t8 = v0;
0x00400d18 sw t8, 0x18(fp) | *(arg_18h) = t8;
0x00400d1c addiu t8, fp, 0x18 | t8 = fp + 0x18;
0x00400d20 move a0, t8 | a0 = t8;
0x00400d24 lw t8, -0x7f98(gp) | t8 = sym.imp.localtime;
0x00400d28 move t9, t8 | t9 = t8;
0x00400d2c jalr t9 | t9 ();
0x00400d30 nop |
0x00400d34 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400d38 sw v0, 0x1c(fp) | *(arg_1ch) = v0;
0x00400d3c lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x00400d40 lw t8, 0x24(t8) | t8 = *((t8 + 9));
0x00400d44 sw t8, 0x20(fp) | *(arg_20h) = t8;
0x00400d48 lw t8, -0x7f90(gp) | t8 = *((gp - 8164));
0x00400d4c lw t8, (t8) | t8 = *(t8);
0x00400d50 move a0, t8 | a0 = t8;
0x00400d54 lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.GMT_offset_lds_n */
0x00400d58 addiu a1, t8, 0x5060 | a1 = t8 + 0x5060;
0x00400d5c lw a2, 0x20(fp) | a2 = *(arg_20h);
0x00400d60 lw t8, -0x7fa8(gp) | t8 = sym.imp.fprintf
0x00400d64 move t9, t8 | t9 = t8;
0x00400d68 jalr t9 | t9 ();
0x00400d6c nop |
0x00400d70 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00400d74 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00400d78 lui v0, 0x8888 | v0 = 0x88888889;
0x00400d7c ori v0, v0, 0x8889 |
0x00400d80 mult t8, v0 | __asm ("mult t8, v0");
0x00400d84 mfhi v0 | __asm ("mfhi v0");
0x00400d88 addu v0, v0, t8 | v0 += t8;
0x00400d8c sra v1, v0, 5 | v1 = v0 >> 5;
0x00400d90 sra v0, t8, 0x1f | v0 = t8 >> 0x1f;
0x00400d94 subu v0, v1, v0 | __asm ("subu v0, v1, v0");
0x00400d98 sll v0, v0, 2 | v0 <<= 2;
0x00400d9c sll v1, v0, 4 | v1 = v0 << 4;
0x00400da0 subu v1, v1, v0 | __asm ("subu v1, v1, v0");
0x00400da4 subu v0, t8, v1 | __asm ("subu v0, t8, v1");
| if (v0 != 0) {
0x00400da8 beqz v0, 0x400ddc |
0x00400dac nop |
0x00400db0 lw t8, -0x7f90(gp) | t8 = *((gp - 8164));
0x00400db4 lw t8, (t8) | t8 = *(t8);
0x00400db8 move a0, t8 | a0 = t8;
0x00400dbc lw t8, -0x7fdc(gp) | t8 = *(gp);
| /* str.warning:_GMT_offset__lds_is_not_an_integer_number_of_minutes_n */
0x00400dc0 addiu a1, t8, 0x5074 | a1 = t8 + 0x5074;
0x00400dc4 lw a2, 0x20(fp) | a2 = *(arg_20h);
0x00400dc8 lw t8, -0x7fa8(gp) | t8 = sym.imp.fprintf
0x00400dcc move t9, t8 | t9 = t8;
0x00400dd0 jalr t9 | t9 ();
0x00400dd4 nop |
0x00400dd8 lw gp, 0x10(fp) | gp = *(arg_10h);
| }
0x00400ddc lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00400de0 lui v0, 0x8888 | v0 = 0x88888889;
0x00400de4 ori v0, v0, 0x8889 |
0x00400de8 mult t8, v0 | __asm ("mult t8, v0");
0x00400dec mfhi v0 | __asm ("mfhi v0");
0x00400df0 addu v0, v0, t8 | v0 += t8;
0x00400df4 sra v0, v0, 5 | v0 >>= 5;
0x00400df8 sra t8, t8, 0x1f | t8 >>= 0x1f;
0x00400dfc subu t8, v0, t8 | __asm ("subu t8, v0, t8");
0x00400e00 sw t8, 0x20(fp) | *(arg_20h) = t8;
0x00400e04 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00400e08 negu t8, t8 | __asm ("negu t8, t8");
0x00400e0c move v0, t8 | v0 = t8;
0x00400e10 lw t8, -0x7f6c(gp) | t8 = *((gp - 8155));
0x00400e14 lw v1, 0x24(fp) | v1 = *(arg_24h);
0x00400e18 lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) {
0x00400e1c beq v1, t8, 0x400e34 |
0x00400e20 nop |
0x00400e24 lw t8, -0x7f88(gp) | t8 = sym.imp.__stack_chk_fail;
0x00400e28 move t9, t8 | t9 = t8;
0x00400e2c jalr t9 | t9 ();
0x00400e30 nop |
| }
0x00400e34 move sp, fp |
0x00400e38 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00400e3c lw fp, 0x28(sp) | fp = *(var_28h);
0x00400e40 addiu sp, sp, 0x30 |
0x00400e44 jr ra | return v1;
0x00400e48 nop |
| }
[*] Function fprintf used 5 times setsystz
