[*] Binary protection state of php-cli
Full RELRO No Canary found NX enabled No PIE No RPATH No RUNPATH No Symbols
[*] Function mmap tear down of php-cli
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/usr/bin/php-cli @ 0x542840 */
| #include <stdint.h>
|
; (fcn) sym._php_stream_copy_to_stream_ex () | void php_stream_copy_to_stream_ex () {
0x00542840 lui gp, 0x1d |
0x00542844 addiu gp, gp, -0x4640 |
0x00542848 addu gp, gp, t9 | gp += t9;
0x0054284c addiu sp, sp, -0x20e0 |
0x00542850 sw gp, 0x18(sp) | *(arg_18h) = gp;
0x00542854 sw fp, 0x20d8(sp) | *(arg_20d8h) = fp;
0x00542858 sw s3, 0x20c4(sp) | *(arg_20c4h) = s3;
0x0054285c sw s0, 0x20b8(sp) | *(arg_20b8h) = s0;
0x00542860 sw ra, 0x20dc(sp) | *(arg_20dch) = ra;
0x00542864 sw s7, 0x20d4(sp) | *(arg_20d4h) = s7;
0x00542868 sw s6, 0x20d0(sp) | *(arg_20d0h) = s6;
0x0054286c sw s5, 0x20cc(sp) | *(arg_20cch) = s5;
0x00542870 sw s4, 0x20c8(sp) | *(arg_20c8h) = s4;
0x00542874 sw s2, 0x20c0(sp) | *(arg_20c0h) = s2;
0x00542878 sw s1, 0x20bc(sp) | *(arg_20bch) = s1;
0x0054287c move s0, a0 | s0 = a0;
0x00542880 move fp, a1 | fp = a1;
0x00542884 move s3, a2 | s3 = a2;
| if (a3 != 0) {
0x00542888 bnez a3, 0x5428a4 | goto label_4;
| }
0x0054288c addiu s2, sp, 0x20b0 | s2 = sp + 0x20b0;
| do {
| if (s3 != 0) {
0x00542890 bnez s3, 0x5428ac | goto label_5;
| }
0x00542894 nop |
0x00542898 sw zero, (s2) | *(s2) = 0;
| label_2:
0x0054289c move v0, zero | v0 = 0;
0x005428a0 b 0x5428f0 | goto label_0;
| label_4:
0x005428a4 move s2, a3 | s2 = a3;
0x005428a8 b 0x542890 |
| } while (1);
| label_5:
0x005428ac addiu v0, zero, -1 | v0 = -1;
0x005428b0 lw t9, -0x7970(gp) | t9 = sym._php_stream_stat;
| if (s3 == v0) {
0x005428b4 bne s3, v0, 0x5428bc |
0x005428b8 move s3, zero | s3 = 0;
| }
0x005428bc addiu a1, sp, 0x2020 | a1 = sp + 0x2020;
0x005428c0 move a0, s0 | a0 = s0;
0x005428c4 bal 0x541250 | sym_php_stream_stat ();
0x005428c8 lw gp, 0x18(sp) | gp = *(arg_18h);
| if (v0 != 0) {
0x005428cc bnez v0, 0x542920 | goto label_6;
| }
0x005428d0 lw v1, 0x2050(sp) | v1 = *(arg_2050h);
0x005428d4 lw v1, 0x2034(sp) | v1 = *(arg_2034h);
| if (v1 != 0) {
0x005428d8 bnez v1, 0x542920 | goto label_6;
| }
0x005428dc ori a0, zero, 0x8000 | a0 = 0x8000;
0x005428e0 andi v1, v1, 0xf000 | v1 &= 0xf000;
| if (v1 != a0) {
0x005428e4 bne v1, a0, 0x542920 | goto label_6;
| }
0x005428e8 nop |
0x005428ec sw zero, (s2) | *(s2) = 0;
| do {
| label_0:
0x005428f0 lw ra, 0x20dc(sp) | ra = *(arg_20dch);
0x005428f4 lw fp, 0x20d8(sp) | fp = *(arg_20d8h);
0x005428f8 lw s7, 0x20d4(sp) | s7 = *(arg_20d4h);
0x005428fc lw s6, 0x20d0(sp) | s6 = *(arg_20d0h);
0x00542900 lw s5, 0x20cc(sp) | s5 = *(arg_20cch);
0x00542904 lw s4, 0x20c8(sp) | s4 = *(arg_20c8h);
0x00542908 lw s3, 0x20c4(sp) | s3 = *(arg_20c4h);
0x0054290c lw s2, 0x20c0(sp) | s2 = *(arg_20c0h);
0x00542910 lw s1, 0x20bc(sp) | s1 = *(arg_20bch);
0x00542914 lw s0, 0x20b8(sp) | s0 = *(arg_20b8h);
0x00542918 addiu sp, sp, 0x20e0 |
0x0054291c jr ra | return v0;
| label_6:
0x00542920 lw v0, 8(s0) | v0 = *((s0 + 2));
0x00542924 addiu s6, sp, 0x20 | s6 = sp + 0x20;
| if (v0 != 0) {
0x00542928 bnez v0, 0x5429d4 | goto label_7;
| }
0x0054292c lw v0, 0x14(s0) | v0 = *((s0 + 5));
0x00542930 move s1, zero | s1 = 0;
| if (v0 != 0) {
0x00542934 bnez v0, 0x5429d8 | goto label_1;
| }
0x00542938 lw t9, -0x7a58(gp) | t9 = sym._php_stream_set_option;
0x0054293c move a3, zero | a3 = 0;
0x00542940 move a2, zero | a2 = 0;
0x00542944 addiu a1, zero, 9 | a1 = 9;
0x00542948 move a0, s0 | a0 = s0;
0x0054294c bal 0x542190 | sym_php_stream_set_option ();
0x00542950 lw gp, 0x18(sp) | gp = *(arg_18h);
| if (v0 != 0) {
0x00542954 bnez v0, 0x5429d4 | goto label_7;
| }
0x00542958 lw t9, -0x7a24(gp) | t9 = sym._php_stream_tell;
0x0054295c move a0, s0 | a0 = s0;
0x00542960 bal 0x541f64 | sym_php_stream_tell ();
0x00542964 lw gp, 0x18(sp) | gp = *(arg_18h);
0x00542968 sw s6, 0x10(sp) | *(arg_10h) = s6;
0x0054296c addiu a3, zero, 2 | a3 = 2;
0x00542970 lw t9, -0x792c(gp) | t9 = sym._php_stream_mmap_range
0x00542974 move a2, s3 | a2 = s3;
0x00542978 move a1, v0 | a1 = v0;
0x0054297c move a0, s0 | a0 = s0;
0x00542980 bal 0x54f600 | sym_php_stream_mmap_range ()
0x00542984 lw gp, 0x18(sp) | gp = *(arg_18h);
| if (v0 == 0) {
0x00542988 beqz v0, 0x5429d4 | goto label_7;
| }
0x0054298c lw t9, -0x7a60(gp) | t9 = sym._php_stream_write;
0x00542990 lw a2, 0x20(sp) | a2 = *(arg_20h);
0x00542994 move a1, v0 | a1 = v0;
0x00542998 move a0, fp | a0 = fp;
0x0054299c bal 0x541d54 | sym_php_stream_write ();
0x005429a0 lw gp, 0x18(sp) | gp = *(arg_18h);
0x005429a4 lw a1, 0x20(sp) | a1 = *(arg_20h);
0x005429a8 move a0, s0 | a0 = s0;
0x005429ac lw t9, -0x68b0(gp) | t9 = sym._php_stream_mmap_unmap_ex
0x005429b0 move s1, v0 | s1 = v0;
0x005429b4 bal 0x54f6c4 | sym_php_stream_mmap_unmap_ex ()
0x005429b8 lw v0, 0x20(sp) | v0 = *(arg_20h);
0x005429bc sw s1, (s2) | *(s2) = s1;
| if (v0 == 0) {
0x005429c0 beqz v0, 0x542a38 | goto label_8;
| }
0x005429c4 xor v0, v0, s1 | v0 ^= s1;
0x005429c8 sltu v0, zero, v0 | v0 = (0 < v0) ? 1 : 0;
| label_3:
0x005429cc negu v0, v0 | __asm ("negu v0, v0");
0x005429d0 b 0x5428f0 |
| } while (1);
| label_7:
0x005429d4 move s1, zero | s1 = 0;
| label_1:
0x005429d8 addiu a2, zero, 0x2000 | a2 = 0x2000;
| if (s3 != 0) {
0x005429dc beqz s3, 0x5429f0 |
0x005429e0 subu a2, s3, s1 | __asm ("subu a2, s3, s1");
0x005429e4 sltiu v0, a2, 0x2000 | v0 = (a2 < 0x2000) ? 1 : 0;
0x005429e8 addiu v1, zero, 0x2000 | v1 = 0x2000;
| if (v0 == 0) {
0x005429ec movz a2, v1, v0 | a2 = v1;
| goto label_9;
| }
| }
| label_9:
0x005429f0 lw t9, -0x7a5c(gp) | t9 = sym._php_stream_read;
0x005429f4 move a1, s6 | a1 = s6;
0x005429f8 move a0, s0 | a0 = s0;
0x005429fc bal 0x54102c | sym_php_stream_read ();
0x00542a00 move s5, v0 | s5 = v0;
0x00542a04 lw gp, 0x18(sp) | gp = *(arg_18h);
| if (v0 == 0) {
0x00542a08 beqz v0, 0x542a58 | goto label_10;
| }
0x00542a0c move s4, v0 | s4 = v0;
0x00542a10 move s7, s6 | s7 = s6;
| do {
0x00542a14 lw t9, -0x7a60(gp) | t9 = sym._php_stream_write;
0x00542a18 move a2, s4 | a2 = s4;
0x00542a1c move a1, s7 | a1 = s7;
0x00542a20 move a0, fp | a0 = fp;
0x00542a24 bal 0x541d54 | sym_php_stream_write ();
0x00542a28 lw gp, 0x18(sp) | gp = *(arg_18h);
| if (v0 == 0) {
0x00542a2c bnez v0, 0x542a40 |
0x00542a30 addu s1, s1, s4 | s1 += s4;
0x00542a34 sw s1, (s2) | *(s2) = s1;
| label_8:
0x00542a38 addiu v0, zero, -1 | v0 = -1;
0x00542a3c b 0x5428f0 | goto label_0;
| }
0x00542a40 subu s4, s4, v0 | __asm ("subu s4, s4, v0");
0x00542a44 addu s7, s7, v0 | s7 += v0;
0x00542a48 bnez s4, 0x542a14 |
| } while (s4 != 0);
0x00542a4c addu s1, s1, s5 | s1 += s5;
| if (s3 != s1) {
0x00542a50 bne s3, s1, 0x5429d8 | goto label_1;
| }
0x00542a54 nop |
| label_10:
0x00542a58 sw s1, (s2) | *(s2) = s1;
| if (s1 != 0) {
0x00542a5c bnez s1, 0x54289c | goto label_2;
| }
0x00542a60 lbu v0, 0x38(s0) | v0 = *((s0 + 56));
0x00542a64 xori v0, v0, 8 | v0 ^= 8;
0x00542a68 ext v0, v0, 3, 1 | __asm ("ext v0, v0, 3, 1");
0x00542a6c b 0x5429cc | goto label_3;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/usr/bin/php-cli @ 0x542318 */
| #include <stdint.h>
|
; (fcn) sym._php_stream_passthru () | void php_stream_passthru () {
0x00542318 lui gp, 0x1d |
0x0054231c addiu gp, gp, -0x4118 |
0x00542320 addu gp, gp, t9 | gp += t9;
0x00542324 addiu sp, sp, -0x2038 |
0x00542328 lw v0, 8(a0) | v0 = *((a0 + 2));
0x0054232c sw gp, 0x18(sp) | *(arg_18h) = gp;
0x00542330 sw s3, 0x202c(sp) | *(arg_202ch) = s3;
0x00542334 sw s1, 0x2024(sp) | *(arg_2024h) = s1;
0x00542338 sw ra, 0x2034(sp) | *(arg_2034h) = ra;
0x0054233c sw s4, 0x2030(sp) | *(arg_2030h) = s4;
0x00542340 sw s2, 0x2028(sp) | *(arg_2028h) = s2;
0x00542344 sw s0, 0x2020(sp) | *(arg_2020h) = s0;
0x00542348 move s1, a0 | s1 = a0;
0x0054234c addiu s3, sp, 0x20 | s3 = sp + 0x20;
| if (v0 != 0) {
0x00542350 bnez v0, 0x54242c | goto label_1;
| }
0x00542354 lw v0, 0x14(a0) | v0 = *((a0 + 5));
0x00542358 lw t9, -0x7a58(gp) | t9 = sym._php_stream_set_option;
| if (v0 != 0) {
0x0054235c bnez v0, 0x54242c | goto label_1;
| }
0x00542360 move a3, zero | a3 = 0;
0x00542364 move a2, zero | a2 = 0;
0x00542368 addiu a1, zero, 9 | a1 = 9;
0x0054236c bal 0x542190 | sym_php_stream_set_option ();
0x00542370 lw gp, 0x18(sp) | gp = *(arg_18h);
| if (v0 != 0) {
0x00542374 bnez v0, 0x54242c | goto label_1;
| }
0x00542378 lw t9, -0x7a24(gp) | t9 = sym._php_stream_tell;
0x0054237c move a0, s1 | a0 = s1;
0x00542380 bal 0x541f64 | sym_php_stream_tell ();
0x00542384 lw gp, 0x18(sp) | gp = *(arg_18h);
0x00542388 sw s3, 0x10(sp) | *(arg_10h) = s3;
0x0054238c addiu a3, zero, 2 | a3 = 2;
0x00542390 lw t9, -0x792c(gp) | t9 = sym._php_stream_mmap_range
0x00542394 move a2, zero | a2 = 0;
0x00542398 move a1, v0 | a1 = v0;
0x0054239c move a0, s1 | a0 = s1;
0x005423a0 bal 0x54f600 | sym_php_stream_mmap_range ()
0x005423a4 move s4, v0 | s4 = v0;
0x005423a8 lw gp, 0x18(sp) | gp = *(arg_18h);
| if (v0 == 0) {
0x005423ac beqz v0, 0x54242c | goto label_1;
| }
0x005423b0 lui s2, 0x7fff | s2 = 0x7fff0000;
0x005423b4 move s0, zero | s0 = 0;
0x005423b8 ori s2, s2, 0xffff | s2 |= 0xffff;
0x005423bc lui s3, 0x8000 | s3 = 0x80000000;
0x005423c0 lw v0, 0x20(sp) | v0 = *(arg_20h);
| do {
0x005423c4 lw t9, -0x7980(gp) | t9 = sym.php_output_write;
0x005423c8 subu v0, v0, s0 | __asm ("subu v0, v0, s0");
0x005423cc sltu a1, v0, s3 | a1 = (v0 < s3) ? 1 : 0;
| if (a1 != 0) {
0x005423d0 movz v0, s2, a1 | v0 = s2;
| }
0x005423d4 move a1, v0 | a1 = v0;
0x005423d8 addu a0, s4, s0 | a0 = s4 + s0;
0x005423dc bal 0x53e488 | sym_php_output_write ();
0x005423e0 lw gp, 0x18(sp) | gp = *(arg_18h);
0x005423e4 lw a1, 0x20(sp) | a1 = *(arg_20h);
| if (v0 == 0) {
0x005423e8 beqz v0, 0x5423fc | goto label_2;
| }
0x005423ec addu s0, s0, v0 | s0 += v0;
0x005423f0 sltu v0, s0, a1 | v0 = (s0 < a1) ? 1 : 0;
0x005423f4 lw v0, 0x20(sp) | v0 = *(arg_20h);
0x005423f8 bnez v0, 0x5423c4 |
| } while (v0 != 0);
| label_2:
0x005423fc lw t9, -0x68b0(gp) | t9 = sym._php_stream_mmap_unmap_ex
0x00542400 move a0, s1 | a0 = s1;
0x00542404 bal 0x54f6c4 | sym_php_stream_mmap_unmap_ex ()
| do {
0x00542408 lw ra, 0x2034(sp) | ra = *(arg_2034h);
0x0054240c move v0, s0 | v0 = s0;
0x00542410 lw s4, 0x2030(sp) | s4 = *(arg_2030h);
0x00542414 lw s3, 0x202c(sp) | s3 = *(arg_202ch);
0x00542418 lw s2, 0x2028(sp) | s2 = *(arg_2028h);
0x0054241c lw s1, 0x2024(sp) | s1 = *(arg_2024h);
0x00542420 lw s0, 0x2020(sp) | s0 = *(arg_2020h);
0x00542424 addiu sp, sp, 0x2038 |
0x00542428 jr ra | return v0;
| label_1:
0x0054242c move s0, zero | s0 = 0;
| label_0:
0x00542430 lw t9, -0x7a5c(gp) | t9 = sym._php_stream_read;
0x00542434 addiu a2, zero, 0x2000 | a2 = 0x2000;
0x00542438 move a1, s3 | a1 = s3;
0x0054243c move a0, s1 | a0 = s1;
0x00542440 bal 0x54102c | sym_php_stream_read ();
0x00542444 move s2, v0 | s2 = v0;
0x00542448 lw gp, 0x18(sp) | gp = *(arg_18h);
0x0054244c beqz v0, 0x542408 |
| } while (v0 == 0);
0x00542450 lw t9, -0x7980(gp) | t9 = sym.php_output_write;
0x00542454 move a1, s2 | a1 = s2;
0x00542458 move a0, s3 | a0 = s3;
0x0054245c bal 0x53e488 | sym_php_output_write ();
0x00542460 addu s0, s0, s2 | s0 += s2;
0x00542464 lw gp, 0x18(sp) | gp = *(arg_18h);
0x00542468 b 0x542430 | goto label_0;
| }
[*] Function mmap used 9 times php-cli
