[*] Binary protection state of hcitool
No RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of hcitool
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/bluetooth/bin/hcitool @ 0x401090 */
| #include <stdint.h>
|
; (fcn) fcn.00401090 () | void fcn_00401090 () {
0x00401090 lui t9, 0x41 | t9 = 0x410000;
0x00401094 j 0x410018 | goto label_2;
0x00401098 addiu t9, t9, 0x18 | t9 += 0x18;
| label_2:
0x00410018 lui gp, 2 |
0x0041001c addiu gp, gp, 0x76f8 |
0x00410020 addu gp, gp, t9 | gp += t9;
0x00410024 addiu sp, sp, -0x48 |
0x00410028 sw ra, 0x44(sp) | *(var_44h) = ra;
0x0041002c sw fp, 0x40(sp) | *(var_40h) = fp;
0x00410030 sw s0, 0x3c(sp) | *(var_3ch) = s0;
0x00410034 move fp, sp | fp = sp;
0x00410038 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0041003c sw a0, 0x48(fp) | *(arg_48h) = a0;
0x00410040 sw a1, 0x4c(fp) | *(arg_4ch) = a1;
0x00410044 sw a2, 0x50(fp) | *(arg_50h) = a2;
0x00410048 lw t8, 0x50(fp) | t8 = *(arg_50h);
0x0041004c addiu t8, t8, -1 | t8 += -1;
0x00410050 sw t8, 0x30(fp) | *(arg_30h) = t8;
0x00410054 addiu t8, zero, 0xa | t8 = 0xa;
0x00410058 sw t8, 0x24(fp) | *(arg_24h) = t8;
0x0041005c sw zero, 0x20(fp) | *(arg_20h) = 0;
0x00410060 b 0x410148 | goto label_3;
0x00410064 nop |
| label_0:
0x00410068 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0041006c sll t8, t8, 3 | t8 <<= 3;
0x00410070 sll v0, t8, 3 | v0 = t8 << 3;
0x00410074 addu t8, t8, v0 | t8 += v0;
0x00410078 lw v0, -0x7fc0(gp) | v0 = *((gp - 8176));
| /* esilref: '<3-slot packets>' */
0x0041007c addiu v0, v0, -0xb38 | v0 += -0xb38;
0x00410080 addu t8, t8, v0 | t8 += v0;
0x00410084 sw t8, 0x28(fp) | *(arg_28h) = t8;
0x00410088 b 0x41012c | goto label_4;
0x0041008c nop |
| do {
0x00410090 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00410094 lw v0, 4(t8) | v0 = *((t8 + 1));
0x00410098 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0041009c lw v1, 0x48(fp) | v1 = *(arg_48h);
0x004100a0 addu t8, v1, t8 | t8 = v1 + t8;
0x004100a4 lbu t8, (t8) | t8 = *(t8);
0x004100a8 and t8, v0, t8 | t8 = v0 & t8;
| if (t8 != 0) {
0x004100ac beqz t8, 0x410120 |
0x004100b0 nop |
0x004100b4 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x004100b8 lw t8, (t8) | t8 = *(t8);
0x004100bc move a0, t8 | a0 = t8;
0x004100c0 lw t8, -0x7f7c(gp) | t8 = *((gp - 8159));
0x004100c4 move t9, t8 | t9 = t8;
0x004100c8 jalr t9 | t9 ();
0x004100cc nop |
0x004100d0 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004100d4 move s0, v0 | s0 = v0;
0x004100d8 lw t8, 0x4c(fp) | t8 = *(arg_4ch);
| if (t8 != 0) {
0x004100dc beqz t8, 0x410108 |
0x004100e0 nop |
0x004100e4 lw a0, 0x4c(fp) | a0 = *(arg_4ch);
0x004100e8 lw t8, -0x7f7c(gp) | t8 = *((gp - 8159));
0x004100ec move t9, t8 | t9 = t8;
0x004100f0 jalr t9 | t9 ();
0x004100f4 nop |
0x004100f8 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004100fc move t8, v0 | t8 = v0;
0x00410100 b 0x41010c | goto label_5;
0x00410104 nop |
| }
0x00410108 move t8, zero | t8 = 0;
| label_5:
0x0041010c addu v0, s0, t8 | v0 = s0 + t8;
0x00410110 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x00410114 addu t8, v0, t8 | t8 = v0 + t8;
0x00410118 addiu t8, t8, 1 | t8++;
0x0041011c sw t8, 0x24(fp) | *(arg_24h) = t8;
| }
0x00410120 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00410124 addiu t8, t8, 8 | t8 += 8;
0x00410128 sw t8, 0x28(fp) | *(arg_28h) = t8;
| label_4:
0x0041012c lw t8, 0x28(fp) | t8 = *(arg_28h);
0x00410130 lw t8, (t8) | t8 = *(t8);
0x00410134 bnez t8, 0x410090 |
| } while (t8 != 0);
0x00410138 nop |
0x0041013c lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00410140 addiu t8, t8, 1 | t8++;
0x00410144 sw t8, 0x20(fp) | *(arg_20h) = t8;
| label_3:
0x00410148 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0041014c slti t8, t8, 8 | t8 = (t8 < 8) ? 1 : 0;
| if (t8 != 0) {
0x00410150 bnez t8, 0x410068 | goto label_0;
| }
0x00410154 nop |
0x00410158 lw t8, 0x24(fp) | t8 = *(arg_24h);
0x0041015c move a0, t8 | a0 = t8;
0x00410160 lw t8, -0x7fdc(gp) | t8 = sym.bt_malloc;
0x00410164 move t9, t8 | t9 = t8;
0x00410168 jalr t9 | t9 ();
0x0041016c nop |
0x00410170 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00410174 sw v0, 0x34(fp) | *(arg_34h) = v0;
0x00410178 lw t8, 0x34(fp) | t8 = *(arg_34h);
| if (t8 == 0) {
0x0041017c bnez t8, 0x410190 |
0x00410180 nop |
0x00410184 move t8, zero | t8 = 0;
0x00410188 b 0x410368 | goto label_6;
0x0041018c nop |
| }
0x00410190 lw t8, 0x34(fp) | t8 = *(arg_34h);
0x00410194 sw t8, 0x1c(fp) | *(arg_1ch) = t8;
0x00410198 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x0041019c sb zero, (t8) | *(t8) = 0;
0x004101a0 lw t8, 0x4c(fp) | t8 = *(arg_4ch);
| if (t8 != 0) {
0x004101a4 beqz t8, 0x4101e0 |
0x004101a8 nop |
0x004101ac lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x004101b0 lw t8, -0x7fd8(gp) | t8 = *((gp - 8182));
| /* esilref: '&s' */
0x004101b4 addiu a1, t8, -0x3b28 | a1 = t8 + -0x3b28;
0x004101b8 lw a2, 0x4c(fp) | a2 = *(arg_4ch);
0x004101bc lw t8, -0x7f70(gp) | t8 = sym.imp.sprintf
0x004101c0 move t9, t8 | t9 = t8;
0x004101c4 jalr t9 | t9 ();
0x004101c8 nop |
0x004101cc lw gp, 0x10(fp) | gp = *(arg_10h);
0x004101d0 move t8, v0 | t8 = v0;
0x004101d4 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x004101d8 addu t8, v0, t8 | t8 = v0 + t8;
0x004101dc sw t8, 0x1c(fp) | *(arg_1ch) = t8;
| }
0x004101e0 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x004101e4 sw t8, 0x18(fp) | *(arg_18h) = t8;
0x004101e8 sw zero, 0x20(fp) | *(arg_20h) = 0;
0x004101ec b 0x410354 | goto label_7;
0x004101f0 nop |
| label_1:
0x004101f4 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x004101f8 sll t8, t8, 3 | t8 <<= 3;
0x004101fc sll v0, t8, 3 | v0 = t8 << 3;
0x00410200 addu t8, t8, v0 | t8 += v0;
0x00410204 lw v0, -0x7fc0(gp) | v0 = *((gp - 8176));
| /* esilref: '<3-slot packets>' */
0x00410208 addiu v0, v0, -0xb38 | v0 += -0xb38;
0x0041020c addu t8, t8, v0 | t8 += v0;
0x00410210 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
0x00410214 b 0x410338 | goto label_8;
0x00410218 nop |
| do {
0x0041021c lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00410220 lw v0, 4(t8) | v0 = *((t8 + 1));
0x00410224 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00410228 lw v1, 0x48(fp) | v1 = *(arg_48h);
0x0041022c addu t8, v1, t8 | t8 = v1 + t8;
0x00410230 lbu t8, (t8) | t8 = *(t8);
0x00410234 and t8, v0, t8 | t8 = v0 & t8;
| if (t8 != 0) {
0x00410238 beqz t8, 0x41032c |
0x0041023c nop |
0x00410240 lw a0, 0x18(fp) | a0 = *(arg_18h);
0x00410244 lw t8, -0x7f7c(gp) | t8 = *((gp - 8159));
0x00410248 move t9, t8 | t9 = t8;
0x0041024c jalr t9 | t9 ();
0x00410250 nop |
0x00410254 lw gp, 0x10(fp) | gp = *(arg_10h);
0x00410258 move s0, v0 | s0 = v0;
0x0041025c lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00410260 lw t8, (t8) | t8 = *(t8);
0x00410264 move a0, t8 | a0 = t8;
0x00410268 lw t8, -0x7f7c(gp) | t8 = *((gp - 8159));
0x0041026c move t9, t8 | t9 = t8;
0x00410270 jalr t9 | t9 ();
0x00410274 nop |
0x00410278 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0041027c move t8, v0 | t8 = v0;
0x00410280 addu v0, s0, t8 | v0 = s0 + t8;
0x00410284 lw t8, 0x30(fp) | t8 = *(arg_30h);
0x00410288 sltu t8, t8, v0 | t8 = (t8 < v0) ? 1 : 0;
| if (t8 != 0) {
0x0041028c beqz t8, 0x4102f0 |
0x00410290 nop |
0x00410294 lw t8, 0x4c(fp) | t8 = *(arg_4ch);
| if (t8 != 0) {
0x00410298 beqz t8, 0x4102ac |
0x0041029c nop |
0x004102a0 lw t8, 0x4c(fp) | t8 = *(arg_4ch);
0x004102a4 b 0x4102b4 | goto label_9;
0x004102a8 nop |
| }
0x004102ac lw t8, -0x7fd8(gp) | t8 = *((gp - 8182));
0x004102b0 addiu t8, t8, -0x25b8 | t8 += -0x25b8;
| label_9:
0x004102b4 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x004102b8 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
| /* esilref: '
&s' */
0x004102bc addiu a1, v0, -0x25b4 | a1 = v0 + -0x25b4;
0x004102c0 move a2, t8 | a2 = t8;
0x004102c4 lw t8, -0x7f70(gp) | t8 = sym.imp.sprintf
0x004102c8 move t9, t8 | t9 = t8;
0x004102cc jalr t9 | t9 ();
0x004102d0 nop |
0x004102d4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x004102d8 move t8, v0 | t8 = v0;
0x004102dc lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x004102e0 addu t8, v0, t8 | t8 = v0 + t8;
0x004102e4 sw t8, 0x1c(fp) | *(arg_1ch) = t8;
0x004102e8 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x004102ec sw t8, 0x18(fp) | *(arg_18h) = t8;
| }
0x004102f0 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x004102f4 lw t8, (t8) | t8 = *(t8);
0x004102f8 lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x004102fc lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
| /* esilref: '&s ' */
0x00410300 addiu a1, v0, -0x3b30 | a1 = v0 + -0x3b30;
0x00410304 move a2, t8 | a2 = t8;
0x00410308 lw t8, -0x7f70(gp) | t8 = sym.imp.sprintf
0x0041030c move t9, t8 | t9 = t8;
0x00410310 jalr t9 | t9 ();
0x00410314 nop |
0x00410318 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0041031c move t8, v0 | t8 = v0;
0x00410320 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x00410324 addu t8, v0, t8 | t8 = v0 + t8;
0x00410328 sw t8, 0x1c(fp) | *(arg_1ch) = t8;
| }
0x0041032c lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x00410330 addiu t8, t8, 8 | t8 += 8;
0x00410334 sw t8, 0x2c(fp) | *(arg_2ch) = t8;
| label_8:
0x00410338 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x0041033c lw t8, (t8) | t8 = *(t8);
0x00410340 bnez t8, 0x41021c |
| } while (t8 != 0);
0x00410344 nop |
0x00410348 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x0041034c addiu t8, t8, 1 | t8++;
0x00410350 sw t8, 0x20(fp) | *(arg_20h) = t8;
| label_7:
0x00410354 lw t8, 0x20(fp) | t8 = *(arg_20h);
0x00410358 slti t8, t8, 8 | t8 = (t8 < 8) ? 1 : 0;
| if (t8 != 0) {
0x0041035c bnez t8, 0x4101f4 | goto label_1;
| }
0x00410360 nop |
0x00410364 lw t8, 0x34(fp) | t8 = *(arg_34h);
| label_6:
0x00410368 move v0, t8 | v0 = t8;
0x0041036c move sp, fp |
0x00410370 lw ra, 0x44(sp) | ra = *(var_44h);
0x00410374 lw fp, 0x40(sp) | fp = *(var_40h);
0x00410378 lw s0, 0x3c(sp) | s0 = *(var_3ch);
0x0041037c addiu sp, sp, 0x48 |
0x00410380 jr ra | return v0;
0x00410384 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/bluetooth/bin/hcitool @ 0x40ed88 */
| #include <stdint.h>
|
; (fcn) fcn.0040ed88 () | void fcn_0040ed88 () {
0x0040ed88 lui gp, 3 |
0x0040ed8c addiu gp, gp, -0x7678 |
0x0040ed90 addu gp, gp, t9 | gp += t9;
0x0040ed94 addiu sp, sp, -0x28 |
0x0040ed98 sw ra, 0x24(sp) | *(var_24h) = ra;
0x0040ed9c sw fp, 0x20(sp) | *(var_20h) = fp;
0x0040eda0 move fp, sp | fp = sp;
0x0040eda4 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040eda8 sw a0, 0x28(fp) | *(arg_28h) = a0;
0x0040edac sw a1, 0x2c(fp) | *(arg_2ch) = a1;
0x0040edb0 addiu a0, zero, 0x78 | a0 = 0x78;
0x0040edb4 lw t8, -0x7f8c(gp) | t8 = *((gp - 8163));
0x0040edb8 move t9, t8 | t9 = t8;
0x0040edbc jalr t9 | t9 ();
0x0040edc0 nop |
0x0040edc4 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040edc8 move t8, v0 | t8 = v0;
0x0040edcc sw t8, 0x1c(fp) | *(arg_1ch) = t8;
0x0040edd0 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x0040edd4 sw t8, 0x18(fp) | *(arg_18h) = t8;
0x0040edd8 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
| if (t8 == 0) {
0x0040eddc bnez t8, 0x40edf0 |
0x0040ede0 nop |
0x0040ede4 move t8, zero | t8 = 0;
0x0040ede8 b 0x40ee74 | goto label_0;
0x0040edec nop |
| }
0x0040edf0 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x0040edf4 sb zero, (t8) | *(t8) = 0;
0x0040edf8 b 0x40ee60 | goto label_1;
0x0040edfc nop |
| do {
0x0040ee00 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040ee04 lw v0, 4(t8) | v0 = *((t8 + 1));
0x0040ee08 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
0x0040ee0c and t8, v0, t8 | t8 = v0 & t8;
| if (t8 != 0) {
0x0040ee10 beqz t8, 0x40ee54 |
0x0040ee14 nop |
0x0040ee18 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040ee1c lw t8, (t8) | t8 = *(t8);
0x0040ee20 lw a0, 0x18(fp) | a0 = *(arg_18h);
0x0040ee24 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
| /* esilref: '&s ' */
0x0040ee28 addiu a1, v0, -0x3b30 | a1 = v0 + -0x3b30;
0x0040ee2c move a2, t8 | a2 = t8;
0x0040ee30 lw t8, -0x7f70(gp) | t8 = sym.imp.sprintf
0x0040ee34 move t9, t8 | t9 = t8;
0x0040ee38 jalr t9 | t9 ();
0x0040ee3c nop |
0x0040ee40 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040ee44 move t8, v0 | t8 = v0;
0x0040ee48 lw v0, 0x18(fp) | v0 = *(arg_18h);
0x0040ee4c addu t8, v0, t8 | t8 = v0 + t8;
0x0040ee50 sw t8, 0x18(fp) | *(arg_18h) = t8;
| }
0x0040ee54 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040ee58 addiu t8, t8, 8 | t8 += 8;
0x0040ee5c sw t8, 0x28(fp) | *(arg_28h) = t8;
| label_1:
0x0040ee60 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040ee64 lw t8, (t8) | t8 = *(t8);
0x0040ee68 bnez t8, 0x40ee00 |
| } while (t8 != 0);
0x0040ee6c nop |
0x0040ee70 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
| label_0:
0x0040ee74 move v0, t8 | v0 = t8;
0x0040ee78 move sp, fp |
0x0040ee7c lw ra, 0x24(sp) | ra = *(var_24h);
0x0040ee80 lw fp, 0x20(sp) | fp = *(var_20h);
0x0040ee84 addiu sp, sp, 0x28 |
0x0040ee88 jr ra | return v0;
0x0040ee8c nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/bluetooth/bin/hcitool @ 0x40f008 */
| #include <stdint.h>
|
; (fcn) fcn.0040f008 () | void fcn_0040f008 () {
0x0040f008 lui gp, 3 |
0x0040f00c addiu gp, gp, -0x78f8 |
0x0040f010 addu gp, gp, t9 | gp += t9;
0x0040f014 addiu sp, sp, -0x28 |
0x0040f018 sw ra, 0x24(sp) | *(var_24h) = ra;
0x0040f01c sw fp, 0x20(sp) | *(var_20h) = fp;
0x0040f020 move fp, sp | fp = sp;
0x0040f024 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040f028 sw a0, 0x28(fp) | *(arg_28h) = a0;
0x0040f02c sw a1, 0x2c(fp) | *(arg_2ch) = a1;
0x0040f030 addiu a0, zero, 0x32 | a0 = 0x32;
0x0040f034 lw t8, -0x7f8c(gp) | t8 = *((gp - 8163));
0x0040f038 move t9, t8 | t9 = t8;
0x0040f03c jalr t9 | t9 ();
0x0040f040 nop |
0x0040f044 lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040f048 move t8, v0 | t8 = v0;
0x0040f04c sw t8, 0x18(fp) | *(arg_18h) = t8;
0x0040f050 lw t8, 0x18(fp) | t8 = *(arg_18h);
0x0040f054 sw t8, 0x1c(fp) | *(arg_1ch) = t8;
0x0040f058 lw t8, 0x18(fp) | t8 = *(arg_18h);
| if (t8 == 0) {
0x0040f05c bnez t8, 0x40f070 |
0x0040f060 nop |
0x0040f064 move t8, zero | t8 = 0;
0x0040f068 b 0x40f0f8 | goto label_0;
0x0040f06c nop |
| }
0x0040f070 lw t8, 0x1c(fp) | t8 = *(arg_1ch);
0x0040f074 sb zero, (t8) | *(t8) = 0;
0x0040f078 b 0x40f0e4 | goto label_1;
0x0040f07c nop |
| do {
0x0040f080 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040f084 lw v0, 4(t8) | v0 = *((t8 + 1));
0x0040f088 lw t8, 0x2c(fp) | t8 = *(arg_2ch);
| if (v0 == t8) {
0x0040f08c bne v0, t8, 0x40f0d8 |
0x0040f090 nop |
0x0040f094 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040f098 lw t8, (t8) | t8 = *(t8);
0x0040f09c lw a0, 0x1c(fp) | a0 = *(arg_1ch);
0x0040f0a0 lw v0, -0x7fd8(gp) | v0 = *((gp - 8182));
| /* esilref: '&s' */
0x0040f0a4 addiu a1, v0, -0x3b28 | a1 = v0 + -0x3b28;
0x0040f0a8 move a2, t8 | a2 = t8;
0x0040f0ac lw t8, -0x7f70(gp) | t8 = sym.imp.sprintf
0x0040f0b0 move t9, t8 | t9 = t8;
0x0040f0b4 jalr t9 | t9 ();
0x0040f0b8 nop |
0x0040f0bc lw gp, 0x10(fp) | gp = *(arg_10h);
0x0040f0c0 move t8, v0 | t8 = v0;
0x0040f0c4 lw v0, 0x1c(fp) | v0 = *(arg_1ch);
0x0040f0c8 addu t8, v0, t8 | t8 = v0 + t8;
0x0040f0cc sw t8, 0x1c(fp) | *(arg_1ch) = t8;
0x0040f0d0 b 0x40f0f4 | goto label_2;
0x0040f0d4 nop |
| }
0x0040f0d8 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040f0dc addiu t8, t8, 8 | t8 += 8;
0x0040f0e0 sw t8, 0x28(fp) | *(arg_28h) = t8;
| label_1:
0x0040f0e4 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040f0e8 lw t8, (t8) | t8 = *(t8);
0x0040f0ec bnez t8, 0x40f080 |
| } while (t8 != 0);
0x0040f0f0 nop |
| label_2:
0x0040f0f4 lw t8, 0x18(fp) | t8 = *(arg_18h);
| label_0:
0x0040f0f8 move v0, t8 | v0 = t8;
0x0040f0fc move sp, fp |
0x0040f100 lw ra, 0x24(sp) | ra = *(var_24h);
0x0040f104 lw fp, 0x20(sp) | fp = *(var_20h);
0x0040f108 addiu sp, sp, 0x28 |
0x0040f10c jr ra | return v0;
0x0040f110 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/bluetooth/bin/hcitool @ 0x40a9bc */
| #include <stdint.h>
|
; (fcn) loc.0040a9bc () | void loc_0040a9bc () {
0x0040a9bc lui gp, 3 |
0x0040a9c0 addiu gp, gp, -0x32ac |
0x0040a9c4 addu gp, gp, t9 | gp += t9;
0x0040a9c8 addiu sp, sp, -0x30 |
0x0040a9cc sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x0040a9d0 sw fp, 0x28(sp) | *(var_28h) = fp;
0x0040a9d4 move fp, sp | fp = sp;
0x0040a9d8 sw gp, 0x20(sp) | *(var_20h) = gp;
0x0040a9dc sw a0, 0x30(fp) | *(arg_30h) = a0;
0x0040a9e0 sw a1, 0x34(fp) | *(arg_34h) = a1;
0x0040a9e4 lw t8, 0x30(fp) | t8 = *(arg_30h);
0x0040a9e8 lbu t8, 5(t8) | t8 = *((t8 + 5));
0x0040a9ec move v0, t8 | v0 = t8;
0x0040a9f0 lw t8, 0x30(fp) | t8 = *(arg_30h);
0x0040a9f4 lbu t8, 4(t8) | t8 = *((t8 + 4));
0x0040a9f8 lw v1, 0x30(fp) | v1 = *(arg_30h);
0x0040a9fc lbu v1, 3(v1) | v1 = *((v1 + 3));
0x0040aa00 move a2, v1 | a2 = v1;
0x0040aa04 lw v1, 0x30(fp) | v1 = *(arg_30h);
0x0040aa08 lbu v1, 2(v1) | v1 = *((v1 + 2));
0x0040aa0c move a1, v1 | a1 = v1;
0x0040aa10 lw v1, 0x30(fp) | v1 = *(arg_30h);
0x0040aa14 lbu v1, 1(v1) | v1 = *((v1 + 1));
0x0040aa18 move a0, v1 | a0 = v1;
0x0040aa1c lw v1, 0x30(fp) | v1 = *(arg_30h);
0x0040aa20 lbu v1, (v1) | v1 = *(v1);
0x0040aa24 sw a2, 0x10(sp) | *(var_10h) = a2;
0x0040aa28 sw a1, 0x14(sp) | *(var_14h) = a1;
0x0040aa2c sw a0, 0x18(sp) | *(var_18h) = a0;
0x0040aa30 sw v1, 0x1c(sp) | *(var_1ch) = v1;
0x0040aa34 lw a0, 0x34(fp) | a0 = *(arg_34h);
0x0040aa38 lw v1, -0x7fd8(gp) | v1 = *((gp - 8182));
| /* esilref: '&2.2X:&2.2X:&2.2X:&2.2X:&2.2X:&2.2X' */
0x0040aa3c addiu a1, v1, -0x6200 | a1 = v1 + -0x6200;
0x0040aa40 move a2, v0 | a2 = v0;
0x0040aa44 move a3, t8 | a3 = t8;
0x0040aa48 lw t8, -0x7f70(gp) | t8 = sym.imp.sprintf
0x0040aa4c move t9, t8 | t9 = t8;
0x0040aa50 jalr t9 | t9 ();
0x0040aa54 nop |
0x0040aa58 lw gp, 0x20(fp) | gp = *(arg_20h);
0x0040aa5c move t8, v0 | t8 = v0;
0x0040aa60 move v0, t8 | v0 = t8;
0x0040aa64 move sp, fp |
0x0040aa68 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x0040aa6c lw fp, 0x28(sp) | fp = *(var_28h);
0x0040aa70 addiu sp, sp, 0x30 |
0x0040aa74 jr ra | return v0;
0x0040aa78 nop |
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/patool_extraction/DUMP/mtdblock8_unblob_extracted/mtdblock8_extract/0-9650176.squashfs_v4_le_extract/var/bluetooth/bin/hcitool @ 0x40ab80 */
| #include <stdint.h>
|
; (fcn) loc.0040ab80 () | void loc_0040ab80 () {
0x0040ab80 lui gp, 3 |
0x0040ab84 addiu gp, gp, -0x3470 |
0x0040ab88 addu gp, gp, t9 | gp += t9;
0x0040ab8c addiu sp, sp, -0x28 |
0x0040ab90 sw ra, 0x24(sp) | *(var_24h) = ra;
0x0040ab94 sw fp, 0x20(sp) | *(var_20h) = fp;
0x0040ab98 move fp, sp | fp = sp;
0x0040ab9c sw gp, 0x18(sp) | *(var_18h) = gp;
0x0040aba0 sw a0, 0x28(fp) | *(arg_28h) = a0;
0x0040aba4 sw a1, 0x2c(fp) | *(arg_2ch) = a1;
0x0040aba8 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040abac lbu t8, 5(t8) | t8 = *((t8 + 5));
0x0040abb0 move v0, t8 | v0 = t8;
0x0040abb4 lw t8, 0x28(fp) | t8 = *(arg_28h);
0x0040abb8 lbu t8, 4(t8) | t8 = *((t8 + 4));
0x0040abbc lw v1, 0x28(fp) | v1 = *(arg_28h);
0x0040abc0 lbu v1, 3(v1) | v1 = *((v1 + 3));
0x0040abc4 sw v1, 0x10(sp) | *(var_10h) = v1;
0x0040abc8 lw a0, 0x2c(fp) | a0 = *(arg_2ch);
0x0040abcc lw v1, -0x7fd8(gp) | v1 = *((gp - 8182));
| /* str._2.2X__2.2X__2.2X */
0x0040abd0 addiu a1, v1, -0x61dc | a1 = v1 + -0x61dc;
0x0040abd4 move a2, v0 | a2 = v0;
0x0040abd8 move a3, t8 | a3 = t8;
0x0040abdc lw t8, -0x7f70(gp) | t8 = sym.imp.sprintf
0x0040abe0 move t9, t8 | t9 = t8;
0x0040abe4 jalr t9 | t9 ();
0x0040abe8 nop |
0x0040abec lw gp, 0x18(fp) | gp = *(arg_18h);
0x0040abf0 move t8, v0 | t8 = v0;
0x0040abf4 move v0, t8 | v0 = t8;
0x0040abf8 move sp, fp |
0x0040abfc lw ra, 0x24(sp) | ra = *(var_24h);
0x0040ac00 lw fp, 0x20(sp) | fp = *(var_20h);
0x0040ac04 addiu sp, sp, 0x28 |
0x0040ac08 jr ra | return v0;
0x0040ac0c nop |
| }
[*] Function sprintf used 8 times hcitool
