[*] Binary protection state of fwbacnet
No RELRO No Canary found NX enabled No PIE No RPATH No RUNPATH Symbols
[*] Function printf tear down of fwbacnet
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/mnt/sedona/fwbacnet @ 0x40afcc */
| #include <stdint.h>
|
; (fcn) sym.bvlc_fdt_forward_npdu () | void bvlc_fdt_forward_npdu () {
0x0040afcc addiu sp, sp, -0x630 |
0x0040afd0 sw s2, 0x61c(sp) | *(var_61ch) = s2;
0x0040afd4 sw s1, 0x618(sp) | *(var_618h) = s1;
0x0040afd8 sw s0, 0x614(sp) | *(var_614h) = s0;
0x0040afdc move s1, a2 | s1 = a2;
0x0040afe0 move s0, a1 | s0 = a1;
0x0040afe4 move s2, a0 | s2 = a0;
0x0040afe8 addiu a2, zero, 0x5e2 | a2 = 0x5e2;
0x0040afec addiu a0, sp, 0x18 | a0 = sp + 0x18;
0x0040aff0 move a1, zero | a1 = 0;
0x0040aff4 sw ra, 0x62c(sp) | *(var_62ch) = ra;
0x0040aff8 sw s4, 0x624(sp) | *(var_624h) = s4;
0x0040affc sw s3, 0x620(sp) | *(var_620h) = s3;
0x0040b000 sw s5, 0x628(sp) | *(var_628h) = s5;
0x0040b004 jal 0x436800 | fcn_00436800 ();
0x0040b008 move a3, s1 | a3 = s1;
0x0040b00c move a2, s0 | a2 = s0;
0x0040b010 move a1, s2 | a1 = s2;
0x0040b014 addiu a0, sp, 0x18 | a0 = sp + 0x18;
0x0040b018 sw zero, 0x5fc(sp) | *(var_5fch) = 0;
0x0040b01c sw zero, 0x600(sp) | *(var_600h) = 0;
0x0040b020 sw zero, 0x604(sp) | *(var_604h) = 0;
0x0040b024 sw zero, 0x608(sp) | *(var_608h) = 0;
0x0040b028 lui s0, 0x45 | s0 = 0x450000;
0x0040b02c jal 0x40a7f4 | sym_bvlc_encode_forwarded_npdu ();
0x0040b030 lui s1, 0x45 | s1 = 0x450000;
0x0040b034 lui s3, 0x43 | s3 = 0x430000;
| /* obj.FD_Table */
0x0040b038 addiu s0, s0, -0x4f94 | s0 += -0x4f94;
| /* obj.BBMD_Table */
0x0040b03c addiu s1, s1, -0x4794 | s1 += -0x4794;
0x0040b040 andi s4, v0, 0xffff | s4 = v0 & 0xffff;
| /* str.BVLC:_FDT_Sent_Forwarded_NPDU_to__s:_04X_n */
0x0040b044 addiu s3, s3, 0xcdc | s3 += 0xcdc;
0x0040b048 b 0x40b058 |
| while (v0 == 0) {
| label_0:
0x0040b04c addiu s0, s0, 0x10 | s0 += 0x10;
| if (s0 == s1) {
| label_3:
0x0040b050 beq s0, s1, 0x40b100 | goto label_4;
| }
0x0040b054 nop |
| label_1:
0x0040b058 lbu v0, (s0) | v0 = *(s0);
0x0040b05c nop |
0x0040b060 beqz v0, 0x40b04c |
| }
0x0040b064 nop |
0x0040b068 lw v0, 0xc(s0) | v0 = *((s0 + 3));
0x0040b06c nop |
| if (v0 == 0) {
0x0040b070 beqz v0, 0x40b04c | goto label_0;
| }
0x0040b074 nop |
0x0040b078 lw s5, 4(s0) | s5 = *((s0 + 1));
0x0040b07c lhu v0, 8(s0) | v0 = *((s0 + 4));
0x0040b080 sw s5, 0x600(sp) | *(var_600h) = s5;
0x0040b084 sh v0, 0x5fe(sp) | *(var_5feh) = v0;
0x0040b088 jal 0x40a220 | sym_bip_get_addr ();
| if (s5 == v0) {
0x0040b08c beq s5, v0, 0x40b124 | goto label_5;
| }
0x0040b090 nop |
| label_2:
0x0040b094 lw v1, 0x600(sp) | v1 = *(var_600h);
0x0040b098 lw v0, 4(s2) | v0 = *((s2 + 1));
0x0040b09c nop |
0x0040b0a0 move a2, s4 | a2 = s4;
| if (v1 != v0) {
0x0040b0a4 bne v1, v0, 0x40b0bc | goto label_6;
| }
0x0040b0a8 lhu v1, 0x5fe(sp) | v1 = *(var_5feh);
0x0040b0ac lhu v0, 2(s2) | v0 = *((s2 + 1));
0x0040b0b0 nop |
| if (v1 == v0) {
0x0040b0b4 beq v1, v0, 0x40b04c | goto label_0;
| }
0x0040b0b8 nop |
| label_6:
0x0040b0bc addiu a1, sp, 0x18 | a1 = sp + 0x18;
0x0040b0c0 addiu a0, sp, 0x5fc | a0 = sp + 0x5fc;
0x0040b0c4 jal 0x40ab5c | sym_bvlc_send_mpdu ();
0x0040b0c8 lw a0, 0x600(sp) | a0 = *(var_600h);
0x0040b0cc addiu s0, s0, 0x10 | s0 += 0x10;
0x0040b0d0 jal 0x4365a0 | fcn_004365a0 ();
0x0040b0d4 lhu v1, 0x5fe(sp) | v1 = *(var_5feh);
0x0040b0d8 move a1, v0 | a1 = v0;
0x0040b0dc andi a2, v1, 0xffff | a2 = v1 & 0xffff;
0x0040b0e0 srl a2, a2, 8 | a2 >>= 8;
0x0040b0e4 sll v1, v1, 8 | v1 <<= 8;
0x0040b0e8 or a2, v1, a2 | a2 = v1 | a2;
0x0040b0ec andi a2, a2, 0xffff | a2 &= 0xffff;
0x0040b0f0 move a0, s3 | a0 = s3;
0x0040b0f4 jal 0x40e7c0 | sym_debug_printf ()
| if (s0 != s1) {
0x0040b0f8 bne s0, s1, 0x40b058 | goto label_1;
| }
0x0040b0fc nop |
| label_4:
0x0040b100 lw ra, 0x62c(sp) | ra = *(var_62ch);
0x0040b104 lw s5, 0x628(sp) | s5 = *(var_628h);
0x0040b108 lw s4, 0x624(sp) | s4 = *(var_624h);
0x0040b10c lw s3, 0x620(sp) | s3 = *(var_620h);
0x0040b110 lw s2, 0x61c(sp) | s2 = *(var_61ch);
0x0040b114 lw s1, 0x618(sp) | s1 = *(var_618h);
0x0040b118 lw s0, 0x614(sp) | s0 = *(var_614h);
0x0040b11c addiu sp, sp, 0x630 |
0x0040b120 jr ra | return v1;
| label_5:
0x0040b124 lhu s5, 0x5fe(sp) | s5 = *(var_5feh);
0x0040b128 jal 0x40a258 | sym_bip_get_port ();
0x0040b12c nop |
| if (s5 != v0) {
0x0040b130 bne s5, v0, 0x40b094 | goto label_2;
| }
0x0040b134 nop |
0x0040b138 addiu s0, s0, 0x10 | s0 += 0x10;
0x0040b13c b 0x40b050 | goto label_3;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/mnt/sedona/fwbacnet @ 0x40bc78 */
| #include <stdint.h>
|
; (fcn) sym.bvlc_send_pdu () | void bvlc_send_pdu () {
0x0040bc78 addiu sp, sp, -0x630 |
0x0040bc7c move a1, zero | a1 = 0;
0x0040bc80 sw s3, 0x628(sp) | *(var_628h) = s3;
0x0040bc84 sw s0, 0x61c(sp) | *(var_61ch) = s0;
0x0040bc88 move s3, a2 | s3 = a2;
0x0040bc8c move s0, a0 | s0 = a0;
0x0040bc90 addiu a2, zero, 0x5e2 | a2 = 0x5e2;
0x0040bc94 addiu a0, sp, 0x18 | a0 = sp + 0x18;
0x0040bc98 sw s2, 0x624(sp) | *(var_624h) = s2;
0x0040bc9c sw ra, 0x62c(sp) | *(var_62ch) = ra;
0x0040bca0 sw s1, 0x620(sp) | *(var_620h) = s1;
0x0040bca4 move s2, a3 | s2 = a3;
0x0040bca8 sw zero, 0x5fc(sp) | *(var_5fch) = 0;
0x0040bcac sw zero, 0x600(sp) | *(var_600h) = 0;
0x0040bcb0 sw zero, 0x604(sp) | *(var_604h) = 0;
0x0040bcb4 sw zero, 0x608(sp) | *(var_608h) = 0;
0x0040bcb8 jal 0x436800 | fcn_00436800 ();
0x0040bcbc lhu v0, 8(s0) | v0 = *((s0 + 4));
0x0040bcc0 addiu a0, zero, -0x7f | a0 = -0x7f;
0x0040bcc4 ori v1, zero, 0xffff | v1 = 0xffff;
0x0040bcc8 sh zero, 0x610(sp) | *(var_610h) = 0;
0x0040bccc sb a0, 0x18(sp) | *(var_18h) = a0;
| if (v0 == v1) {
0x0040bcd0 beq v0, v1, 0x40bcec | goto label_2;
| }
| if (v0 == 0) {
0x0040bcd4 beqz v0, 0x40bdb0 | goto label_3;
| }
0x0040bcd8 nop |
0x0040bcdc lbu v0, 0xa(s0) | v0 = *((s0 + 10));
0x0040bce0 nop |
| if (v0 != 0) {
0x0040bce4 bnez v0, 0x40bdb0 | goto label_3;
| }
0x0040bce8 nop |
| do {
| label_2:
0x0040bcec lui v0, 0x45 | v0 = Remote_BBMD;
| /* obj.Remote_BBMD */
0x0040bcf0 addiu v0, v0, -0x3f94 |
0x0040bcf4 lhu v1, 2(v0) | v1 = *((v0 + 1));
0x0040bcf8 nop |
| if (v1 != 0) {
0x0040bcfc beqz v1, 0x40bd18 |
0x0040bd00 nop |
0x0040bd04 lui a0, 0x45 | a0 = 0x450000;
0x0040bd08 lhu a1, -0x4fa0(a0) | a1 = *((a0 - 10192));
0x0040bd0c addiu a0, zero, 2 | a0 = 2;
0x0040bd10 addiu a1, zero, 9 | a1 = 9;
| if (a1 == a0) {
0x0040bd14 beq a1, a0, 0x40bdf0 | goto label_4;
| }
| }
0x0040bd18 jal 0x40a23c | sym_bip_get_broadcast_addr ();
0x0040bd1c nop |
0x0040bd20 sw v0, 0x60c(sp) | *(var_60ch) = v0;
0x0040bd24 jal 0x40a258 | sym_bip_get_port ();
0x0040bd28 lui a0, 0x43 | a0 = 0x430000;
0x0040bd2c sh v0, 0x610(sp) | *(var_610h) = v0;
| /* str.BVLC:_Sent_Original_Broadcast_NPDU._n */
0x0040bd30 addiu a0, a0, 0xf64 | a0 += 0xf64;
0x0040bd34 addiu v0, zero, 0xb | v0 = 0xb;
0x0040bd38 sb v0, 0x19(sp) | *(var_19h) = v0;
0x0040bd3c jal 0x40e7c0 | sym_debug_printf ()
| label_0:
0x0040bd40 lw v0, 0x60c(sp) | v0 = *(var_60ch);
0x0040bd44 andi s0, s2, 0xffff | s0 = s2 & 0xffff;
0x0040bd48 sw v0, 0x600(sp) | *(var_600h) = v0;
0x0040bd4c addiu a1, s0, 4 | a1 = s0 + 4;
0x0040bd50 lhu v0, 0x610(sp) | v0 = *(var_610h);
0x0040bd54 andi a1, a1, 0xffff | a1 &= 0xffff;
0x0040bd58 addiu a0, sp, 0x1a | a0 = sp + 0x1a;
0x0040bd5c sh v0, 0x5fe(sp) | *(var_5feh) = v0;
0x0040bd60 jal 0x408830 | sym_encode_unsigned16 ();
0x0040bd64 addiu v0, v0, 2 | v0 += 2;
0x0040bd68 andi s1, v0, 0xffff | s1 = v0 & 0xffff;
0x0040bd6c addiu v0, sp, 0x18 | v0 = sp + 0x18;
0x0040bd70 move a2, s2 | a2 = s2;
0x0040bd74 move a1, s3 | a1 = s3;
0x0040bd78 addu a0, v0, s1 | a0 = v0 + s1;
0x0040bd7c jal 0x436560 | fcn_00436560 ();
0x0040bd80 addu a2, s0, s1 | a2 = s0 + s1;
0x0040bd84 andi a2, a2, 0xffff | a2 &= 0xffff;
0x0040bd88 addiu a1, sp, 0x18 | a1 = sp + 0x18;
0x0040bd8c addiu a0, sp, 0x5fc | a0 = sp + 0x5fc;
0x0040bd90 jal 0x40ab5c | sym_bvlc_send_mpdu ();
| label_1:
0x0040bd94 lw ra, 0x62c(sp) | ra = *(var_62ch);
0x0040bd98 lw s3, 0x628(sp) | s3 = *(var_628h);
0x0040bd9c lw s2, 0x624(sp) | s2 = *(var_624h);
0x0040bda0 lw s1, 0x620(sp) | s1 = *(var_620h);
0x0040bda4 lw s0, 0x61c(sp) | s0 = *(var_61ch);
0x0040bda8 addiu sp, sp, 0x630 |
0x0040bdac jr ra | return v0;
| label_3:
0x0040bdb0 lbu v0, (s0) | v0 = *(s0);
0x0040bdb4 nop |
0x0040bdb8 addiu v1, zero, 6 | v1 = 6;
0x0040bdbc beqz v0, 0x40bcec |
| } while (v0 == 0);
0x0040bdc0 addiu a2, sp, 0x610 | a2 = sp + 0x610;
| if (v0 == v1) {
0x0040bdc4 bne v0, v1, 0x40be14 |
0x0040bdc8 addiu a1, sp, 0x60c | a1 = sp + 0x60c;
0x0040bdcc addiu a0, s0, 1 | a0 = s0 + 1;
0x0040bdd0 jal 0x40a8a8 | sym_bvlc_decode_bip_address ();
0x0040bdd4 lui a0, 0x43 | a0 = 0x430000;
0x0040bdd8 addiu v0, zero, 0xa | v0 = 0xa;
| /* str.BVLC:_Sent_Original_Unicast_NPDU._n */
0x0040bddc addiu a0, a0, 0xf8c | a0 += 0xf8c;
0x0040bde0 sb v0, 0x19(sp) | *(var_19h) = v0;
0x0040bde4 jal 0x40e7c0 | sym_debug_printf ()
0x0040bde8 b 0x40bd40 | goto label_0;
0x0040bdec nop |
| label_4:
0x0040bdf0 lw v0, 4(v0) | v0 = *((v0 + 1));
0x0040bdf4 lui a0, 0x43 | a0 = "BVLC: Sent Distribute-Broadcast-to-Network.\n";
| /* str.BVLC:_Sent_Distribute_Broadcast_to_Network._n */
0x0040bdf8 addiu a0, a0, 0xf34 |
0x0040bdfc sb a1, 0x19(sp) | *(var_19h) = a1;
0x0040be00 sw v0, 0x60c(sp) | *(var_60ch) = v0;
0x0040be04 sh v1, 0x610(sp) | *(var_610h) = v1;
0x0040be08 jal 0x40e7c0 | sym_debug_printf ()
0x0040be0c b 0x40bd40 | goto label_0;
0x0040be10 nop |
| }
0x0040be14 lui a0, 0x43 | a0 = "bvlc_send_pdu: Invalid dest Bacnet address";
| /* str.bvlc_send_pdu:_Invalid_dest_Bacnet_address */
0x0040be18 addiu a0, a0, 0xfb0 |
0x0040be1c jal 0x436700 | fcn_00436700 ();
0x0040be20 addiu v0, zero, -1 | v0 = -1;
0x0040be24 b 0x40bd94 | goto label_1;
| }
[*] Function printf used 5 times fwbacnet
