[*] Binary protection state of discovery
Full RELRO | Canary found | NX disabled | No PIE | No RPATH | No RUNPATH | No Symbols
[*] Function printf teardown of discovery (functions in the binary that call printf)
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/discovery @ 0x40b918 */
| #include <stdint.h>
|
; (fcn) method.Listener.setupV4_int__char_const_ () | void method_Listener_setupV4_int_char_const_ () {
| /* Listener::setupV4(int, char const*)
|  *
|  * Reviewer annotation, derived only from the listing below.
|  *
|  * Arguments as spilled in the prologue: a0 -> fp+0x2c (presumably the Listener
|  * `this` pointer, since this is a C++ member function), a1 -> fp+0x28 (the int;
|  * masked to 16 bits and passed to htons, so it is used as a port), a2 -> fp+0x24
|  * (the char const*; NULL makes the function return -1 immediately).
|  *
|  * Flow: socket(2, 1, 0x11) -> setsockopt SO_REUSEADDR -> bind -> setsockopt
|  * SO_BINDTODEVICE -> optional setsockopt(fd, 0, 0x23, ..., 8) when the helper at
|  * gp-0x7fb0 returns non-zero for the argument against '239.255.255.250'.
|  * The value placed in v0 is the descriptor on success and -1 on the bind and
|  * SO_BINDTODEVICE failure paths (the descriptor is closed first on those paths).
|  *
|  * Review points:
|  *  - The address block passed to bind carries htonl(0); the char const* argument
|  *    is never written into it. Interface scoping therefore rests on the
|  *    SO_BINDTODEVICE call, whose failure is treated as fatal.
|  *  - socket() is not checked directly, SO_REUSEADDR failure is only logged, and
|  *    the return values of the last setsockopt and of both inet_addr calls are
|  *    not examined.
|  *  - Both printf calls take their format string from a fixed address in the
|  *    binary; no caller-supplied data is used as a format.
|  *  - Constant names (AF_INET, SOCK_DGRAM, SOL_SOCKET, ...) assume Linux/MIPS
|  *    header values — confirm against the target toolchain.
|  */
0x0040b918 lui gp, 4 |
0x0040b91c addiu gp, gp, -0x58a8 |
0x0040b920 addu gp, gp, t9 | gp += t9;
0x0040b924 addiu sp, sp, -0x78 |
0x0040b928 sw ra, 0x74(sp) | *(var_74h) = ra;
0x0040b92c sw fp, 0x70(sp) | *(var_70h) = fp;
0x0040b930 sw s2, 0x6c(sp) | *(var_6ch) = s2;
0x0040b934 sw s1, 0x68(sp) | *(var_68h) = s1;
0x0040b938 sw s0, 0x64(sp) | *(var_64h) = s0;
0x0040b93c move fp, sp | fp = sp;
0x0040b940 sw gp, 0x18(sp) | *(var_18h) = gp;
0x0040b944 sw a0, 0x2c(fp) | *(arg_2ch) = a0;
0x0040b948 sw a1, 0x28(fp) | *(arg_28h) = a1;
0x0040b94c sw a2, 0x24(fp) | *(arg_24h) = a2;
0x0040b950 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x0040b954 lw t8, (t8) | t8 = *(t8);
0x0040b958 sw t8, 0x5c(fp) | *(arg_5ch) = t8; /* stack-guard value saved at fp+0x5c; re-checked before return */
0x0040b95c lw t8, 0x24(fp) | t8 = *(arg_24h);
| if (t8 == 0) { /* char const* argument is NULL */
0x0040b960 bnez t8, 0x40b974 |
0x0040b964 nop |
0x0040b968 addiu t8, zero, -1 | t8 = -1;
0x0040b96c b 0x40be20 | goto label_0; /* return -1 */
0x0040b970 nop |
| }
0x0040b974 lw a0, -0x7ce8(gp) | a0 = *((gp - 7994));
0x0040b978 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.bind4_address: */
0x0040b97c addiu a1, t8, 0x6c20 | a1 = t8 + 0x6c20;
0x0040b980 lw t8, -0x7c88(gp) | t8 = *(gp);
0x0040b984 move t9, t8 | t9 = t8;
0x0040b988 jalr t9 | t9 (); /* unresolved target at gp-0x7c88, called with (object at gp-0x7ce8, str.bind4_address:); presumably a stream-insertion helper — confirm */
0x0040b98c nop |
0x0040b990 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040b994 move t8, v0 | t8 = v0;
0x0040b998 move a0, t8 | a0 = t8;
0x0040b99c lw a1, 0x24(fp) | a1 = *(arg_24h);
0x0040b9a0 lw t8, -0x7c88(gp) | t8 = *(gp);
0x0040b9a4 move t9, t8 | t9 = t8;
0x0040b9a8 jalr t9 | t9 (); /* same helper, now with the char const* argument: the address string is logged */
0x0040b9ac nop |
0x0040b9b0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040b9b4 move t8, v0 | t8 = v0;
0x0040b9b8 move a0, t8 | a0 = t8;
0x0040b9bc lw a1, -0x7d74(gp) | a1 = *((gp - 8029));
0x0040b9c0 lw t8, -0x7d58(gp) | t8 = *(gp);
0x0040b9c4 move t9, t8 | t9 = t8;
0x0040b9c8 jalr t9 | t9 (); /* unresolved target at gp-0x7d58 applied to the previous result */
0x0040b9cc nop |
0x0040b9d0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040b9d4 addiu t8, zero, -1 | t8 = -1;
0x0040b9d8 sw t8, 0x40(fp) | *(arg_40h) = t8; /* descriptor slot at fp+0x40 starts as -1 */
0x0040b9dc addiu t8, zero, 1 | t8 = 1;
0x0040b9e0 sw t8, 0x34(fp) | *(arg_34h) = t8; /* int 1 at fp+0x34: option value for the first setsockopt */
0x0040b9e4 addiu t8, fp, 0x4c | t8 = fp + 0x4c;
0x0040b9e8 move a0, t8 | a0 = t8;
0x0040b9ec move a1, zero | a1 = 0;
0x0040b9f0 addiu a2, zero, 0x10 | a2 = 0x10;
0x0040b9f4 lw t8, -0x7d04(gp) | t8 = sym.imp.memset;
0x0040b9f8 move t9, t8 | t9 = t8;
0x0040b9fc jalr t9 | t9 (); /* memset(fp+0x4c, 0, 0x10): zero the 16-byte address block later passed to bind */
0x0040ba00 nop |
0x0040ba04 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040ba08 addiu t8, zero, 2 | t8 = 2;
0x0040ba0c sh t8, 0x4c(fp) | *(arg_4ch) = t8; /* family field = 2 (AF_INET) */
0x0040ba10 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040ba14 andi t8, t8, 0xffff | t8 &= 0xffff; /* int argument truncated to 16 bits */
0x0040ba18 move a0, t8 | a0 = t8;
0x0040ba1c lw t8, -0x7bfc(gp) | t8 = sym.imp.htons;
0x0040ba20 move t9, t8 | t9 = t8;
0x0040ba24 jalr t9 | t9 ();
0x0040ba28 nop |
0x0040ba2c lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040ba30 move t8, v0 | t8 = v0;
0x0040ba34 sh t8, 0x4e(fp) | *(arg_4eh) = t8; /* port field = htons(int argument) */
0x0040ba38 move a0, zero | a0 = 0;
0x0040ba3c lw t8, -0x7c8c(gp) | t8 = sym.imp.htonl;
0x0040ba40 move t9, t8 | t9 = t8;
0x0040ba44 jalr t9 | t9 ();
0x0040ba48 nop |
0x0040ba4c lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040ba50 move t8, v0 | t8 = v0;
0x0040ba54 sw t8, 0x50(fp) | *(arg_50h) = t8; /* address field = htonl(0), i.e. the wildcard address; the char const* argument is not used here */
0x0040ba58 addiu a0, zero, 2 | a0 = 2; /* domain 2 = AF_INET */
0x0040ba5c addiu a1, zero, 1 | a1 = 1; /* type 1 = SOCK_DGRAM on Linux/MIPS (SOCK_STREAM is 2 there) */
0x0040ba60 addiu a2, zero, 0x11 | a2 = 0x11; /* protocol 17 = IPPROTO_UDP */
0x0040ba64 lw t8, -0x7d48(gp) | t8 = sym.imp.socket;
0x0040ba68 move t9, t8 | t9 = t8;
0x0040ba6c jalr t9 | t9 ();
0x0040ba70 nop |
0x0040ba74 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040ba78 sw v0, 0x40(fp) | *(arg_40h) = v0; /* stored with no < 0 test; a failed socket() only surfaces when the calls below fail */
0x0040ba7c addiu t8, fp, 0x34 | t8 = fp + 0x34;
0x0040ba80 addiu v0, zero, 4 | v0 = 4;
0x0040ba84 sw v0, 0x10(sp) | *(var_10h) = v0; /* fifth argument (optlen = 4) is passed on the stack */
0x0040ba88 lw a0, 0x40(fp) | a0 = *(arg_40h);
0x0040ba8c ori a1, zero, 0xffff | a1 = 0xffff; /* level 0xffff = SOL_SOCKET on Linux/MIPS */
0x0040ba90 addiu a2, zero, 4 | a2 = 4; /* optname 4 = SO_REUSEADDR (matches the error string below) */
0x0040ba94 move a3, t8 | a3 = t8;
0x0040ba98 lw t8, -0x7cb8(gp) | t8 = sym.imp.setsockopt;
0x0040ba9c move t9, t8 | t9 = t8;
0x0040baa0 jalr t9 | t9 ();
0x0040baa4 nop |
0x0040baa8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040baac move t8, v0 | t8 = v0;
0x0040bab0 srl t8, t8, 0x1f | t8 >>= 0x1f; /* keeps only the sign bit: non-zero when the call returned < 0 */
0x0040bab4 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x0040bab8 beqz t8, 0x40badc |
0x0040babc nop |
0x0040bac0 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.SO_REUSEADDR:ERROR */
0x0040bac4 addiu a0, t8, 0x6c30 | a0 = t8 + 0x6c30;
0x0040bac8 lw t8, -0x7d18(gp) | t8 = sym.imp.perror;
0x0040bacc move t9, t8 | t9 = t8;
0x0040bad0 jalr t9 | t9 (); /* failure is only reported; execution falls through to bind */
0x0040bad4 nop |
0x0040bad8 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x0040badc addiu t8, fp, 0x4c | t8 = fp + 0x4c;
0x0040bae0 lw a0, 0x40(fp) | a0 = *(arg_40h);
0x0040bae4 move a1, t8 | a1 = t8;
0x0040bae8 addiu a2, zero, 0x10 | a2 = 0x10; /* address length = 16 */
0x0040baec lw t8, -0x7bec(gp) | t8 = sym.imp.bind;
0x0040baf0 move t9, t8 | t9 = t8;
0x0040baf4 jalr t9 | t9 ();
0x0040baf8 nop |
0x0040bafc lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bb00 move t8, v0 | t8 = v0;
0x0040bb04 srl t8, t8, 0x1f | t8 >>= 0x1f;
0x0040bb08 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) { /* bind returned < 0 */
0x0040bb0c beqz t8, 0x40bb60 |
0x0040bb10 nop |
0x0040bb14 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.bind4_failed_ */
0x0040bb18 addiu a0, t8, 0x6c44 | a0 = t8 + 0x6c44;
0x0040bb1c lw t8, -0x7d94(gp) | t8 = sym.imp.puts;
0x0040bb20 move t9, t8 | t9 = t8;
0x0040bb24 jalr t9 | t9 ();
0x0040bb28 nop |
0x0040bb2c lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bb30 lw t8, 0x40(fp) | t8 = *(arg_40h);
| if (t8 >= 0) { /* close only a valid descriptor */
0x0040bb34 bltz t8, 0x40bb54 |
0x0040bb38 nop |
0x0040bb3c lw a0, 0x40(fp) | a0 = *(arg_40h);
0x0040bb40 lw t8, -0x7cec(gp) | t8 = sym.imp.close;
0x0040bb44 move t9, t8 | t9 = t8;
0x0040bb48 jalr t9 | t9 ();
0x0040bb4c nop |
0x0040bb50 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x0040bb54 addiu t8, zero, -1 | t8 = -1;
0x0040bb58 b 0x40be20 | goto label_0; /* return -1 */
0x0040bb5c nop |
| }
0x0040bb60 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.sock4:__d_n */
0x0040bb64 addiu a0, t8, 0x6c54 | a0 = t8 + 0x6c54;
0x0040bb68 lw a1, 0x40(fp) | a1 = *(arg_40h);
0x0040bb6c lw t8, -0x7d8c(gp) | t8 = sym.imp.printf
0x0040bb70 move t9, t8 | t9 = t8;
0x0040bb74 jalr t9 | t9 (); /* printf(fixed string at t8+0x6c54, fd): the format is a constant in the binary */
0x0040bb78 nop |
0x0040bb7c lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bb80 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x0040bb84 addiu t8, t8, 0x23c | t8 += 0x23c; /* address of the member at offset 0x23c of the first argument */
0x0040bb88 move a0, t8 | a0 = t8;
0x0040bb8c lw t8, -0x7c20(gp) | t8 = *(gp);
0x0040bb90 move t9, t8 | t9 = t8;
0x0040bb94 jalr t9 | t9 (); /* unresolved target at gp-0x7c20; its result (s0) becomes the option value below — presumably a C-string accessor, confirm */
0x0040bb98 nop |
0x0040bb9c lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bba0 move s0, v0 | s0 = v0;
0x0040bba4 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x0040bba8 addiu t8, t8, 0x23c | t8 += 0x23c;
0x0040bbac move a0, t8 | a0 = t8;
0x0040bbb0 lw t8, -0x7c68(gp) | t8 = *(gp);
0x0040bbb4 move t9, t8 | t9 = t8;
0x0040bbb8 jalr t9 | t9 (); /* unresolved target at gp-0x7c68 on the same member; its result becomes optlen — presumably a length accessor, confirm */
0x0040bbbc nop |
0x0040bbc0 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bbc4 move t8, v0 | t8 = v0;
0x0040bbc8 sw t8, 0x10(sp) | *(var_10h) = t8;
0x0040bbcc lw a0, 0x40(fp) | a0 = *(arg_40h);
0x0040bbd0 ori a1, zero, 0xffff | a1 = 0xffff; /* level = SOL_SOCKET (Linux/MIPS) */
0x0040bbd4 addiu a2, zero, 0x19 | a2 = 0x19; /* optname 25 = SO_BINDTODEVICE (matches the error string below) */
0x0040bbd8 move a3, s0 | a3 = s0;
0x0040bbdc lw t8, -0x7cb8(gp) | t8 = sym.imp.setsockopt;
0x0040bbe0 move t9, t8 | t9 = t8;
0x0040bbe4 jalr t9 | t9 ();
0x0040bbe8 nop |
0x0040bbec lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bbf0 move t8, v0 | t8 = v0;
0x0040bbf4 addiu t8, t8, 1 | t8++;
0x0040bbf8 sltiu t8, t8, 1 | t8 = (t8 < 1) ? 1 : 0; /* 1 only when the return value was exactly -1 */
0x0040bbfc andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x0040bc00 beqz t8, 0x40bc54 |
0x0040bc04 nop |
0x0040bc08 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.SO_BINDTODEVICE_FAIL */
0x0040bc0c addiu a0, t8, 0x6c60 | a0 = t8 + 0x6c60;
0x0040bc10 lw t8, -0x7d8c(gp) | t8 = sym.imp.printf
0x0040bc14 move t9, t8 | t9 = t8;
0x0040bc18 jalr t9 | t9 (); /* printf with a fixed string and no further arguments set up; NOTE(review): confirm the literal holds no conversion specifiers */
0x0040bc1c nop |
0x0040bc20 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bc24 lw t8, 0x40(fp) | t8 = *(arg_40h);
| if (t8 >= 0) {
0x0040bc28 bltz t8, 0x40bc48 |
0x0040bc2c nop |
0x0040bc30 lw a0, 0x40(fp) | a0 = *(arg_40h);
0x0040bc34 lw t8, -0x7cec(gp) | t8 = sym.imp.close;
0x0040bc38 move t9, t8 | t9 = t8;
0x0040bc3c jalr t9 | t9 ();
0x0040bc40 nop |
0x0040bc44 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x0040bc48 addiu t8, zero, -1 | t8 = -1;
0x0040bc4c b 0x40be20 | goto label_0; /* device binding is mandatory: return -1 */
0x0040bc50 nop |
| }
0x0040bc54 move s0, zero | s0 = 0; /* s0 and s1 gate the two cleanup calls further down */
0x0040bc58 move s1, zero | s1 = 0;
0x0040bc5c lw t8, 0x24(fp) | t8 = *(arg_24h);
| if (t8 != 0) {
0x0040bc60 beqz t8, 0x40bcf0 |
0x0040bc64 nop |
0x0040bc68 addiu t8, fp, 0x30 | t8 = fp + 0x30;
0x0040bc6c move a0, t8 | a0 = t8;
0x0040bc70 lw t8, -0x7d84(gp) | t8 = *(gp);
0x0040bc74 move t9, t8 | t9 = t8;
0x0040bc78 jalr t9 | t9 (); /* unresolved target at gp-0x7d84 on the temporary at fp+0x30 */
0x0040bc7c nop |
0x0040bc80 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bc84 addiu s0, zero, 1 | s0 = 1;
0x0040bc88 addiu v0, fp, 0x38 | v0 = fp + 0x38;
0x0040bc8c addiu t8, fp, 0x30 | t8 = fp + 0x30;
0x0040bc90 move a0, v0 | a0 = v0;
0x0040bc94 lw a1, 0x24(fp) | a1 = *(arg_24h);
0x0040bc98 move a2, t8 | a2 = t8;
0x0040bc9c lw t8, -0x7ce0(gp) | t8 = *(gp);
0x0040bca0 move t9, t8 | t9 = t8;
0x0040bca4 jalr t9 | t9 (); /* unresolved target at gp-0x7ce0(fp+0x38, char const* argument, fp+0x30); presumably builds a string object from the argument — confirm */
0x0040bca8 nop |
0x0040bcac lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bcb0 addiu s1, zero, 1 | s1 = 1;
0x0040bcb4 addiu t8, fp, 0x38 | t8 = fp + 0x38;
0x0040bcb8 move a0, t8 | a0 = t8;
0x0040bcbc lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* esilref: '239.255.255.250' */
0x0040bcc0 addiu a1, t8, 0x6be8 | a1 = t8 + 0x6be8;
0x0040bcc4 lw t8, -0x7fb0(gp) | t8 = *(gp);
0x0040bcc8 move t9, t8 | t9 = t8;
0x0040bccc jalr t9 | t9 (); /* unresolved target at gp-0x7fb0(object at fp+0x38, '239.255.255.250'); a non-zero result enables the group join below — presumably an equality test, confirm */
0x0040bcd0 nop |
0x0040bcd4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bcd8 move t8, v0 | t8 = v0;
| if (t8 == 0) {
0x0040bcdc beqz t8, 0x40bcf0 | goto label_1;
| }
0x0040bce0 nop |
0x0040bce4 addiu t8, zero, 1 | t8 = 1;
0x0040bce8 b 0x40bcf4 | goto label_2;
0x0040bcec nop |
| }
| label_1:
0x0040bcf0 move t8, zero | t8 = 0;
| label_2:
0x0040bcf4 move s2, t8 | s2 = t8; /* s2 = 1 selects the multicast branch */
| if (s1 != 0) {
0x0040bcf8 beqz s1, 0x40bd1c |
0x0040bcfc nop |
0x0040bd00 addiu t8, fp, 0x38 | t8 = fp + 0x38;
0x0040bd04 move a0, t8 | a0 = t8;
0x0040bd08 lw t8, -0x7c90(gp) | t8 = *((gp - 7972));
0x0040bd0c move t9, t8 | t9 = t8;
0x0040bd10 jalr t9 | t9 (); /* unresolved target at gp-0x7c90 on fp+0x38; presumably releases that temporary — confirm */
0x0040bd14 nop |
0x0040bd18 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
| if (s0 != 0) {
0x0040bd1c beqz s0, 0x40bd44 |
0x0040bd20 nop |
0x0040bd24 nop |
0x0040bd28 addiu t8, fp, 0x30 | t8 = fp + 0x30;
0x0040bd2c move a0, t8 | a0 = t8;
0x0040bd30 lw t8, -0x7d30(gp) | t8 = *(gp);
0x0040bd34 move t9, t8 | t9 = t8;
0x0040bd38 jalr t9 | t9 (); /* unresolved target at gp-0x7d30 on fp+0x30; presumably releases that temporary — confirm */
0x0040bd3c nop |
0x0040bd40 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
| if (s2 != 0) {
0x0040bd44 beqz s2, 0x40be1c |
0x0040bd48 nop |
0x0040bd4c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* esilref: '239.255.255.250' */
0x0040bd50 addiu a0, t8, 0x6be8 | a0 = t8 + 0x6be8;
0x0040bd54 lw t8, -0x7d34(gp) | t8 = sym.imp.inet_addr;
0x0040bd58 move t9, t8 | t9 = t8;
0x0040bd5c jalr t9 | t9 ();
0x0040bd60 nop |
0x0040bd64 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bd68 move t8, v0 | t8 = v0;
0x0040bd6c sw t8, 0x44(fp) | *(arg_44h) = t8; /* first 4 bytes of the 8-byte option value: the group address */
0x0040bd70 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x0040bd74 move a0, t8 | a0 = t8;
0x0040bd78 lw a1, 0x2c(fp) | a1 = *(arg_2ch);
0x0040bd7c lw t8, -0x7fb4(gp) | t8 = *(gp);
0x0040bd80 move t9, t8 | t9 = t8;
0x0040bd84 jalr t9 | t9 (); /* unresolved target at gp-0x7fb4(fp+0x3c, first argument); fills the temporary at fp+0x3c */
0x0040bd88 nop |
0x0040bd8c lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bd90 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x0040bd94 move a0, t8 | a0 = t8;
0x0040bd98 lw t8, -0x7c20(gp) | t8 = *(gp);
0x0040bd9c move t9, t8 | t9 = t8;
0x0040bda0 jalr t9 | t9 (); /* same gp-0x7c20 accessor as used for SO_BINDTODEVICE; its result is fed to inet_addr */
0x0040bda4 nop |
0x0040bda8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bdac move t8, v0 | t8 = v0;
0x0040bdb0 move a0, t8 | a0 = t8;
0x0040bdb4 lw t8, -0x7d34(gp) | t8 = sym.imp.inet_addr;
0x0040bdb8 move t9, t8 | t9 = t8;
0x0040bdbc jalr t9 | t9 ();
0x0040bdc0 nop |
0x0040bdc4 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bdc8 move t8, v0 | t8 = v0;
0x0040bdcc sw t8, 0x48(fp) | *(arg_48h) = t8; /* second 4 bytes of the option value; inet_addr's error return is not tested */
0x0040bdd0 addiu t8, fp, 0x3c | t8 = fp + 0x3c;
0x0040bdd4 move a0, t8 | a0 = t8;
0x0040bdd8 lw t8, -0x7c90(gp) | t8 = *((gp - 7972));
0x0040bddc move t9, t8 | t9 = t8;
0x0040bde0 jalr t9 | t9 ();
0x0040bde4 nop |
0x0040bde8 lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040bdec addiu t8, fp, 0x44 | t8 = fp + 0x44;
0x0040bdf0 addiu v0, zero, 8 | v0 = 8;
0x0040bdf4 sw v0, 0x10(sp) | *(var_10h) = v0; /* optlen = 8 */
0x0040bdf8 lw a0, 0x40(fp) | a0 = *(arg_40h);
0x0040bdfc move a1, zero | a1 = 0; /* level 0 = IPPROTO_IP */
0x0040be00 addiu a2, zero, 0x23 | a2 = 0x23; /* optname 35 = IP_ADD_MEMBERSHIP on Linux */
0x0040be04 move a3, t8 | a3 = t8;
0x0040be08 lw t8, -0x7cb8(gp) | t8 = sym.imp.setsockopt;
0x0040be0c move t9, t8 | t9 = t8;
0x0040be10 jalr t9 | t9 (); /* return value is not examined: a failed group join is silent and the descriptor is still returned */
0x0040be14 nop |
0x0040be18 lw gp, 0x18(fp) | gp = *(arg_18h);
| }
0x0040be1c lw t8, 0x40(fp) | t8 = *(arg_40h);
| label_0:
0x0040be20 move v0, t8 | v0 = t8; /* actual return value: descriptor or -1 */
0x0040be24 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x0040be28 lw v1, 0x5c(fp) | v1 = *(arg_5ch);
0x0040be2c lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) { /* saved stack-guard value no longer matches */
0x0040be30 beq v1, t8, 0x40bf18 |
0x0040be34 nop |
0x0040be38 b 0x40bf08 | goto label_3;
0x0040be3c nop |
| label_3:
0x0040bf08 lw t8, -0x7cc8(gp) | t8 = sym.imp.__stack_chk_fail;
0x0040bf0c move t9, t8 | t9 = t8;
0x0040bf10 jalr t9 | t9 ();
0x0040bf14 nop |
| }
0x0040bf18 move sp, fp |
0x0040bf1c lw ra, 0x74(sp) | ra = *(var_74h);
0x0040bf20 lw fp, 0x70(sp) | fp = *(var_70h);
0x0040bf24 lw s2, 0x6c(sp) | s2 = *(var_6ch);
0x0040bf28 lw s1, 0x68(sp) | s1 = *(var_68h);
0x0040bf2c lw s0, 0x64(sp) | s0 = *(var_64h);
0x0040bf30 addiu sp, sp, 0x78 |
0x0040bf34 jr ra | return v1; /* decompiler artifact: v1 holds the guard copy; the function result is in v0 */
0x0040bf38 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/discovery @ 0x404900 */
| #include <stdint.h>
|
; (fcn) sym.create_pidfile_char_const_ () | void create_pidfile_char_const_ () {
| /* create_pidfile(char const*)
|  *
|  * Reviewer annotation, derived only from the listing below.
|  *
|  * Opens the path in a0 with open64(path, 0x102, 0x1a4), requests a record
|  * lock with fcntl64(fd, 0x22, &lock), then truncates the file and writes the
|  * result of snprintf(buf, 0x28, str._ld_n, getpid()). The status word at
|  * fp+0x20 starts at -1 and becomes 0 only after the write call; that word is
|  * what ends up in v0.
|  *
|  * Review points:
|  *  - No close() appears in this function, so the descriptor stays open on
|  *    every path, including the lock-failure paths.
|  *  - The return values of snprintf, ftruncate64 and write are not examined;
|  *    success is reported even if the PID was not written.
|  *  - NOTE(review): 0x102 decodes as O_RDWR|O_CREAT with Linux/MIPS values and
|  *    nothing else; the path comes from the caller, so confirm the pidfile
|  *    directory is writable only by the service's own user.
|  *  - The printf call uses a fixed format string; the path is passed as a
|  *    data argument, not as the format.
|  */
0x00404900 lui gp, 4 |
0x00404904 addiu gp, gp, 0x1770 |
0x00404908 addu gp, gp, t9 | gp += t9;
0x0040490c addiu sp, sp, -0x80 |
0x00404910 sw ra, 0x7c(sp) | *(var_7ch) = ra;
0x00404914 sw fp, 0x78(sp) | *(var_78h) = fp;
0x00404918 move fp, sp | fp = sp;
0x0040491c sw gp, 0x10(sp) | *(var_10h) = gp;
0x00404920 sw a0, 0x1c(fp) | *(arg_1ch) = a0; /* path argument */
0x00404924 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x00404928 lw t8, (t8) | t8 = *(t8);
0x0040492c sw t8, 0x74(fp) | *(arg_74h) = t8; /* stack-guard value saved at fp+0x74; re-checked before return */
0x00404930 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x00404934 addiu a1, zero, 0x102 | a1 = 0x102; /* flags: O_RDWR|O_CREAT with Linux/MIPS values */
0x00404938 addiu a2, zero, 0x1a4 | a2 = 0x1a4; /* mode 0x1a4 = 0644 octal */
0x0040493c lw t8, -0x7d6c(gp) | t8 = sym.imp.open64;
0x00404940 move t9, t8 | t9 = t8;
0x00404944 jalr t9 | t9 ();
0x00404948 nop |
0x0040494c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404950 move t8, v0 | t8 = v0;
0x00404954 sw t8, 0x24(fp) | *(arg_24h) = t8; /* descriptor kept at fp+0x24 */
0x00404958 addiu t8, zero, -1 | t8 = -1;
0x0040495c sw t8, 0x20(fp) | *(arg_20h) = t8; /* status word defaults to -1 (failure) */
0x00404960 lw t8, 0x24(fp) | t8 = *(arg_24h);
| if (t8 < 0) { /* open64 failed */
0x00404964 bgez t8, 0x404990 |
0x00404968 nop |
0x0040496c lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* esilref: 'open' */
0x00404970 addiu a0, t8, 0x6078 | a0 = t8 + 0x6078;
0x00404974 lw t8, -0x7d18(gp) | t8 = sym.imp.perror;
0x00404978 move t9, t8 | t9 = t8;
0x0040497c jalr t9 | t9 ();
0x00404980 nop |
0x00404984 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404988 b 0x404b3c | goto label_0;
0x0040498c nop |
| }
0x00404990 addiu t8, zero, 1 | t8 = 1;
0x00404994 sh t8, 0x28(fp) | *(arg_28h) = t8; /* 16-bit field at +0 of the lock record = 1; presumably l_type = F_WRLCK — confirm layout */
0x00404998 move t8, zero | t8 = 0;
0x0040499c move t9, zero | t9 = 0;
0x004049a0 sw t8, 0x30(fp) | *(arg_30h) = t8; /* 64-bit field at +8 = 0; presumably l_start */
0x004049a4 sw t9, 0x34(fp) | *(arg_34h) = t9;
0x004049a8 sh zero, 0x2a(fp) | *(arg_2ah) = 0; /* 16-bit field at +2 = 0; presumably l_whence = SEEK_SET */
0x004049ac move t8, zero | t8 = 0;
0x004049b0 move t9, zero | t9 = 0;
0x004049b4 sw t8, 0x38(fp) | *(arg_38h) = t8; /* 64-bit field at +16 = 0; presumably l_len (0 = to end of file) */
0x004049b8 sw t9, 0x3c(fp) | *(arg_3ch) = t9;
0x004049bc addiu t8, fp, 0x28 | t8 = fp + 0x28;
0x004049c0 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x004049c4 addiu a1, zero, 0x22 | a1 = 0x22; /* cmd 34 = F_SETLK64 on Linux/MIPS: returns at once if the lock is held elsewhere */
0x004049c8 move a2, t8 | a2 = t8;
0x004049cc lw t8, -0x7c0c(gp) | t8 = sym.imp.fcntl64;
0x004049d0 move t9, t8 | t9 = t8;
0x004049d4 jalr t9 | t9 ();
0x004049d8 nop |
0x004049dc lw gp, 0x10(fp) | gp = *(arg_10h);
0x004049e0 move t8, v0 | t8 = v0;
0x004049e4 srl t8, t8, 0x1f | t8 >>= 0x1f; /* keeps only the sign bit: non-zero when fcntl64 returned < 0 */
0x004049e8 andi t8, t8, 0xff | t8 &= 0xff;
| if (t8 != 0) {
0x004049ec beqz t8, 0x404a90 |
0x004049f0 nop |
0x004049f4 lw t8, -0x7c00(gp) | t8 = sym.imp.__errno_location;
0x004049f8 move t9, t8 | t9 = t8;
0x004049fc jalr t9 | t9 ();
0x00404a00 nop |
0x00404a04 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404a08 move t8, v0 | t8 = v0;
0x00404a0c lw v0, (t8) | v0 = *(t8);
0x00404a10 addiu t8, zero, 0xd | t8 = 0xd; /* errno 13 = EACCES */
| if (v0 != t8) {
0x00404a14 beq v0, t8, 0x404a44 |
0x00404a18 nop |
0x00404a1c lw t8, -0x7c00(gp) | t8 = sym.imp.__errno_location;
0x00404a20 move t9, t8 | t9 = t8;
0x00404a24 jalr t9 | t9 ();
0x00404a28 nop |
0x00404a2c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404a30 move t8, v0 | t8 = v0;
0x00404a34 lw v0, (t8) | v0 = *(t8);
0x00404a38 addiu t8, zero, 0xb | t8 = 0xb; /* errno 11 = EAGAIN */
| if (v0 != t8) {
0x00404a3c bne v0, t8, 0x404a68 | goto label_1;
| }
0x00404a40 nop |
| }
0x00404a44 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.Program_already_exists. */
0x00404a48 addiu a0, t8, 0x6080 | a0 = t8 + 0x6080;
0x00404a4c lw t8, -0x7d94(gp) | t8 = sym.imp.puts;
0x00404a50 move t9, t8 | t9 = t8;
0x00404a54 jalr t9 | t9 (); /* EACCES/EAGAIN: the lock is held elsewhere; descriptor is left open, status stays -1 */
0x00404a58 nop |
0x00404a5c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404a60 b 0x404b3c | goto label_0;
0x00404a64 nop |
| label_1:
0x00404a68 lw t8, -0x7fdc(gp) | t8 = *((gp - 8183));
| /* str.Unable_to_lock__s_n */
0x00404a6c addiu a0, t8, 0x6098 | a0 = t8 + 0x6098;
0x00404a70 lw a1, 0x1c(fp) | a1 = *(arg_1ch);
0x00404a74 lw t8, -0x7d8c(gp) | t8 = sym.imp.printf
0x00404a78 move t9, t8 | t9 = t8;
0x00404a7c jalr t9 | t9 (); /* printf(fixed string at t8+0x6098, path): the path is a data argument, the format is constant */
0x00404a80 nop |
0x00404a84 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404a88 b 0x404b3c | goto label_0;
0x00404a8c nop |
| }
0x00404a90 lw t8, -0x7ca8(gp) | t8 = sym.imp.getpid;
0x00404a94 move t9, t8 | t9 = t8;
0x00404a98 jalr t9 | t9 ();
0x00404a9c nop |
0x00404aa0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404aa4 move t8, v0 | t8 = v0;
0x00404aa8 addiu v0, fp, 0x4c | v0 = fp + 0x4c;
0x00404aac move a0, v0 | a0 = v0;
0x00404ab0 addiu a1, zero, 0x28 | a1 = 0x28; /* size 40 = distance from the buffer at fp+0x4c to the guard slot at fp+0x74 */
0x00404ab4 lw v0, -0x7fdc(gp) | v0 = *((gp - 8183));
| /* str._ld_n */
0x00404ab8 addiu a2, v0, 0x60ac | a2 = v0 + 0x60ac;
0x00404abc move a3, t8 | a3 = t8;
0x00404ac0 lw t8, -0x7c84(gp) | t8 = sym.imp.snprintf
0x00404ac4 move t9, t8 | t9 = t8;
0x00404ac8 jalr t9 | t9 (); /* snprintf(buf, 0x28, str._ld_n, pid): bounded write into the stack buffer */
0x00404acc nop |
0x00404ad0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404ad4 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00404ad8 move a2, zero | a2 = 0; /* a2:a3 = 64-bit length 0 */
0x00404adc move a3, zero | a3 = 0;
0x00404ae0 lw t8, -0x7d9c(gp) | t8 = sym.imp.ftruncate64;
0x00404ae4 move t9, t8 | t9 = t8;
0x00404ae8 jalr t9 | t9 (); /* existing contents are discarded only after the lock was obtained; return value not examined */
0x00404aec nop |
0x00404af0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404af4 addiu t8, fp, 0x4c | t8 = fp + 0x4c;
0x00404af8 move a0, t8 | a0 = t8;
0x00404afc lw t8, -0x7c64(gp) | t8 = sym.imp.strlen;
0x00404b00 move t9, t8 | t9 = t8;
0x00404b04 jalr t9 | t9 ();
0x00404b08 nop |
0x00404b0c lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404b10 move t8, v0 | t8 = v0;
0x00404b14 addiu v0, fp, 0x4c | v0 = fp + 0x4c;
0x00404b18 lw a0, 0x24(fp) | a0 = *(arg_24h);
0x00404b1c move a1, v0 | a1 = v0;
0x00404b20 move a2, t8 | a2 = t8;
0x00404b24 lw t8, -0x7cd8(gp) | t8 = sym.imp.write;
0x00404b28 move t9, t8 | t9 = t8;
0x00404b2c jalr t9 | t9 (); /* write(fd, buf, strlen(buf)); return value not examined */
0x00404b30 nop |
0x00404b34 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00404b38 sw zero, 0x20(fp) | *(arg_20h) = 0; /* status word = 0 (success) */
| label_0:
0x00404b3c lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00404b40 move v0, t8 | v0 = t8; /* actual return value: 0 or -1 */
0x00404b44 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x00404b48 lw v1, 0x74(fp) | v1 = *(arg_74h);
0x00404b4c lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) { /* saved stack-guard value no longer matches */
0x00404b50 beq v1, t8, 0x404b68 |
0x00404b54 nop |
0x00404b58 lw t8, -0x7cc8(gp) | t8 = sym.imp.__stack_chk_fail;
0x00404b5c move t9, t8 | t9 = t8;
0x00404b60 jalr t9 | t9 ();
0x00404b64 nop |
| }
0x00404b68 move sp, fp |
0x00404b6c lw ra, 0x7c(sp) | ra = *(var_7ch);
0x00404b70 lw fp, 0x78(sp) | fp = *(var_78h);
0x00404b74 addiu sp, sp, 0x80 |
0x00404b78 jr ra | return v1; /* decompiler artifact: v1 holds the guard copy; the function result is in v0 */
0x00404b7c nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/sbin/discovery @ 0x4212a0 */
| #include <stdint.h>
|
; (fcn) sym.display_usage__ () | void display_usage_ () {
| /* display_usage()
|  *
|  * Reviewer annotation, derived only from the listing below.
|  *
|  * Prints the command-line help: putchar(0xa), three puts calls and one
|  * printf call, then putchar(0xa) again, and places 0 in v0. Every string
|  * passed, including the printf format and its two 'br0' arguments, is loaded
|  * from a fixed offset in the binary; the function takes no input, so this
|  * printf call site handles no external data.
|  */
0x004212a0 lui gp, 2 |
0x004212a4 addiu gp, gp, 0x4dd0 |
0x004212a8 addu gp, gp, t9 | gp += t9;
0x004212ac addiu sp, sp, -0x28 |
0x004212b0 sw ra, 0x24(sp) | *(var_24h) = ra;
0x004212b4 sw fp, 0x20(sp) | *(var_20h) = fp;
0x004212b8 move fp, sp | fp = sp;
0x004212bc sw gp, 0x10(sp) | *(var_10h) = gp;
0x004212c0 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x004212c4 lw t8, (t8) | t8 = *(t8);
0x004212c8 sw t8, 0x1c(fp) | *(arg_1ch) = t8; /* stack-guard value saved at fp+0x1c; re-checked before return */
0x004212cc addiu a0, zero, 0xa | a0 = 0xa; /* '\n' */
0x004212d0 lw t8, -0x7c30(gp) | t8 = sym.imp.putchar;
0x004212d4 move t9, t8 | t9 = t8;
0x004212d8 jalr t9 | t9 ();
0x004212dc nop |
0x004212e0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004212e4 lw t8, -0x7dec(gp) | t8 = *((gp - 8059));
| /* str.__h____help_____________________________show_usage_ */
0x004212e8 addiu a0, t8, -0x6a70 | a0 = t8 + -0x6a70;
0x004212ec lw t8, -0x7d94(gp) | t8 = sym.imp.puts;
0x004212f0 move t9, t8 | t9 = t8;
0x004212f4 jalr t9 | t9 ();
0x004212f8 nop |
0x004212fc lw gp, 0x10(fp) | gp = *(arg_10h);
0x00421300 lw t8, -0x7dec(gp) | t8 = *((gp - 8059));
| /* str.__i____interfaceInterface______________ex:__i__s_or___interface_s___n */
0x00421304 addiu a0, t8, -0x6a3c | a0 = t8 + -0x6a3c;
0x00421308 lw t8, -0x7dec(gp) | t8 = *((gp - 8059));
| /* esilref: 'br0' */
0x0042130c addiu a1, t8, -0x69f4 | a1 = t8 + -0x69f4;
0x00421310 lw t8, -0x7dec(gp) | t8 = *((gp - 8059));
| /* esilref: 'br0' */
0x00421314 addiu a2, t8, -0x69f4 | a2 = t8 + -0x69f4;
0x00421318 lw t8, -0x7d8c(gp) | t8 = sym.imp.printf
0x0042131c move t9, t8 | t9 = t8;
0x00421320 jalr t9 | t9 (); /* printf(fixed format, 'br0', 'br0'): format and both arguments are constants in the binary */
0x00421324 nop |
0x00421328 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0042132c lw t8, -0x7dec(gp) | t8 = *((gp - 8059));
| /* str.__o____byeMessagebye___________________ex:___obye__ */
0x00421330 addiu a0, t8, -0x69f0 | a0 = t8 + -0x69f0;
0x00421334 lw t8, -0x7d94(gp) | t8 = sym.imp.puts;
0x00421338 move t9, t8 | t9 = t8;
0x0042133c jalr t9 | t9 ();
0x00421340 nop |
0x00421344 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00421348 lw t8, -0x7dec(gp) | t8 = *((gp - 8059));
| /* str.__n____modelNameName___________________ex:___modelNameDCSXXX__ */
0x0042134c addiu a0, t8, -0x69b8 | a0 = t8 + -0x69b8;
0x00421350 lw t8, -0x7d94(gp) | t8 = sym.imp.puts;
0x00421354 move t9, t8 | t9 = t8;
0x00421358 jalr t9 | t9 ();
0x0042135c nop |
0x00421360 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00421364 addiu a0, zero, 0xa | a0 = 0xa; /* '\n' */
0x00421368 lw t8, -0x7c30(gp) | t8 = sym.imp.putchar;
0x0042136c move t9, t8 | t9 = t8;
0x00421370 jalr t9 | t9 ();
0x00421374 nop |
0x00421378 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0042137c move t8, zero | t8 = 0;
0x00421380 move v0, t8 | v0 = t8; /* actual return value: 0 */
0x00421384 lw t8, -0x7c04(gp) | t8 = *((gp - 7937));
0x00421388 lw v1, 0x1c(fp) | v1 = *(arg_1ch);
0x0042138c lw t8, (t8) | t8 = *(t8);
| if (v1 != t8) { /* saved stack-guard value no longer matches */
0x00421390 beq v1, t8, 0x4213a8 |
0x00421394 nop |
0x00421398 lw t8, -0x7cc8(gp) | t8 = sym.imp.__stack_chk_fail;
0x0042139c move t9, t8 | t9 = t8;
0x004213a0 jalr t9 | t9 ();
0x004213a4 nop |
| }
0x004213a8 move sp, fp |
0x004213ac lw ra, 0x24(sp) | ra = *(var_24h);
0x004213b0 lw fp, 0x20(sp) | fp = *(var_20h);
0x004213b4 addiu sp, sp, 0x28 |
0x004213b8 jr ra | return v1; /* decompiler artifact: v1 holds the guard copy; the function result is in v0 */
0x004213bc nop |
| }
[*] Function printf used 6 times in discovery