[*] Binary protection state of libsCHL.so
No RELRO No Canary found NX disabled DSO No RPATH No RUNPATH No Symbols
[*] Function sprintf tear down of libsCHL.so
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/lib/libsCHL.so @ 0x13c0 */
| #include <stdint.h>
|
; (fcn) fcn.000013c0 () | void fcn_000013c0 () {
0x000013c0 lui gp, 2 |
0x000013c4 addiu gp, gp, -0x48e0 |
0x000013c8 addu gp, gp, t9 | gp += t9;
0x000013cc addiu sp, sp, -0x30 |
0x000013d0 sw s3, 0x28(sp) | *(var_28h) = s3;
0x000013d4 lw s3, -0x7fe4(gp) | s3 = *((gp - 8185));
0x000013d8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x000013dc sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x000013e0 lbu v0, 0x4bc0(s3) | v0 = *((s3 + 19392));
0x000013e4 sw s2, 0x24(sp) | *(var_24h) = s2;
0x000013e8 sw s1, 0x20(sp) | *(var_20h) = s1;
0x000013ec sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x000013f0 lw v0, -0x7f58(gp) | v0 = *((gp - 8150));
| if (v0 != 0) {
0x000013f4 bnez v0, 0x14ac | goto label_1;
| }
0x000013f8 lw v0, -0x7fe0(gp) | v0 = *((gp - 8184));
| if (v0 != 0) {
0x000013fc beqz v0, 0x1410 |
0x00001400 lw t9, -0x7f58(gp) | t9 = *((gp - 8150));
0x00001404 lw a0, (v0) | a0 = *(v0);
0x00001408 jalr t9 | t9 ();
0x0000140c lw gp, 0x10(sp) | gp = *(var_10h);
| }
0x00001410 lw s2, -0x7fe4(gp) | s2 = *((gp - 8185));
0x00001414 lw s0, -0x7fe4(gp) | s0 = *((gp - 8185));
0x00001418 lw s1, -0x7fdc(gp) | s1 = *((gp - 8183));
0x0000141c addiu s2, s2, 0x4adc | s2 += 0x4adc;
0x00001420 lw v0, 0x4bc4(s0) | v0 = *((s0 + 4849));
0x00001424 subu s1, s1, s2 | __asm ("subu s1, s1, s2");
0x00001428 sra s1, s1, 2 | s1 >>= 2;
0x0000142c addiu s1, s1, -1 | s1 += -1;
0x00001430 sltu v1, v0, s1 | v1 = (v0 < s1) ? 1 : 0;
0x00001434 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
| if (v1 == 0) {
0x00001438 beqz v1, 0x1468 | goto label_2;
| }
| do {
0x0000143c addiu v0, v0, 1 | v0++;
0x00001440 sll v1, v0, 2 | v1 = v0 << 2;
0x00001444 addu v1, s2, v1 | v1 = s2 + v1;
0x00001448 lw t9, (v1) | t9 = *(v1);
0x0000144c sw v0, 0x4bc4(s0) | *((s0 + 4849)) = v0;
0x00001450 jalr t9 | t9 ();
0x00001454 lw v0, 0x4bc4(s0) | v0 = *((s0 + 4849));
0x00001458 sltu v1, v0, s1 | v1 = (v0 < s1) ? 1 : 0;
0x0000145c lw gp, 0x10(sp) | gp = *(var_10h);
0x00001460 bnez v1, 0x143c |
| } while (v1 != 0);
0x00001464 lw t9, -0x7fd8(gp) | t9 = *((gp - 8182));
| label_2:
0x00001468 addiu t9, t9, 0x1330 | t9 += entry0;
0x0000146c bal 0x1330 | entry0 ();
0x00001470 nop |
0x00001474 lw gp, 0x10(sp) | gp = *(var_10h);
0x00001478 lw v0, -0x7f84(gp) | v0 = *((gp - 8161));
0x0000147c lw a0, -0x7f90(gp) | a0 = *((gp - 8164));
| if (v0 == 0) {
0x00001480 beqz v0, 0x14c8 | goto label_3;
| }
0x00001484 lw v0, -0x7f80(gp) | v0 = *((gp - 8160));
| if (a0 == 0) {
0x00001488 beqz a0, 0x14cc | goto label_4;
| }
0x0000148c lb v0, (a0) | v0 = *(a0);
0x00001490 slti v0, v0, 2 | v0 = (v0 < 2) ? 1 : 0;
0x00001494 lw t9, -0x7f80(gp) | t9 = *((gp - 8160));
| if (v0 != 0) {
0x00001498 bnez v0, 0x14c8 | goto label_3;
| }
0x0000149c jalr t9 | t9 ();
0x000014a0 nop |
| do {
0x000014a4 addiu v0, zero, 1 | v0 = 1;
| label_0:
0x000014a8 sb v0, 0x4bc0(s3) | *((s3 + 19392)) = v0;
| label_1:
0x000014ac lw ra, 0x2c(sp) | ra = *(var_2ch);
0x000014b0 lw s3, 0x28(sp) | s3 = *(var_28h);
0x000014b4 lw s2, 0x24(sp) | s2 = *(var_24h);
0x000014b8 lw s1, 0x20(sp) | s1 = *(var_20h);
0x000014bc lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x000014c0 addiu sp, sp, 0x30 |
0x000014c4 jr ra | return v0;
| label_3:
0x000014c8 lw v0, -0x7f80(gp) | v0 = *((gp - 8160));
| label_4:
0x000014cc lw a0, -0x7fd8(gp) | a0 = *((gp - 8182));
0x000014d0 beqz v0, 0x14a4 |
| } while (v0 == 0);
0x000014d4 lw t9, -0x7f80(gp) | t9 = *((gp - 8160));
0x000014d8 addiu a0, a0, 0x4ad0 | a0 += section..eh_frame;
0x000014dc jalr t9 | t9 ();
0x000014e0 addiu v0, zero, 1 | v0 = 1;
0x000014e4 b 0x14a8 | goto label_0;
| }
[*] Function sprintf used 1 times libsCHL.so
