[*] Binary protection state of iwconfig
No RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH Symbols
[*] Function sprintf tear down of iwconfig
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwconfig @ 0x406a7c */
| #include <stdint.h>
|
; (fcn) sym.iw_ether_ntop () | void iw_ether_ntop () {
0x00406a7c lui gp, 2 |
0x00406a80 addiu gp, gp, -0x512c |
0x00406a84 addu gp, gp, t9 | gp += t9;
0x00406a88 addiu sp, sp, -0x30 |
0x00406a8c sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00406a90 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00406a94 lbu v0, 2(a0) | v0 = *((a0 + 2));
0x00406a98 lbu a2, (a0) | a2 = *(a0);
0x00406a9c lbu a3, 1(a0) | a3 = *((a0 + 1));
0x00406aa0 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00406aa4 lbu v0, 3(a0) | v0 = *((a0 + 3));
0x00406aa8 lw t9, -0x7f38(gp) | t9 = sym.imp.sprintf
0x00406aac sw v0, 0x14(sp) | *(var_14h) = v0;
0x00406ab0 lbu v0, 4(a0) | v0 = *((a0 + 4));
0x00406ab4 sw v0, 0x18(sp) | *(var_18h) = v0;
0x00406ab8 lbu v0, 5(a0) | v0 = *((a0 + 5));
0x00406abc move a0, a1 | a0 = a1;
0x00406ac0 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00406ac4 sw v0, 0x1c(sp) | *(var_1ch) = v0;
| /* str._02X:_02X:_02X:_02X:_02X:_02X */
0x00406ac8 addiu a1, a1, -0x721c | a1 += -0x721c;
0x00406acc jalr t9 | t9 ();
0x00406ad0 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00406ad4 addiu sp, sp, 0x30 |
0x00406ad8 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwconfig @ 0x4069a0 */
| #include <stdint.h>
|
; (fcn) sym.iw_mac_ntop () | void iw_mac_ntop () {
0x004069a0 lui gp, 2 |
0x004069a4 addiu gp, gp, -0x5050 |
0x004069a8 addu gp, gp, t9 | gp += t9;
0x004069ac addiu v0, zero, 3 | v0 = 3;
0x004069b0 mul v0, a1, v0 | __asm ("mul v0, a1, v0");
0x004069b4 addiu sp, sp, -0x38 |
0x004069b8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x004069bc sw ra, 0x34(sp) | *(var_34h) = ra;
0x004069c0 sw s5, 0x30(sp) | *(var_30h) = s5;
0x004069c4 sw s4, 0x2c(sp) | *(var_2ch) = s4;
0x004069c8 sw s3, 0x28(sp) | *(var_28h) = s3;
0x004069cc sw s2, 0x24(sp) | *(var_24h) = s2;
0x004069d0 sw s1, 0x20(sp) | *(var_20h) = s1;
0x004069d4 sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x004069d8 slt a3, a3, v0 | a3 = (a3 < v0) ? 1 : 0;
0x004069dc move s4, a0 | s4 = a0;
| if (a3 != 0) {
0x004069e0 bnez a3, 0x406a50 | goto label_0;
| }
0x004069e4 move s3, a1 | s3 = a1;
0x004069e8 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x004069ec lw t9, -0x7f38(gp) | t9 = sym.imp.sprintf
0x004069f0 move s0, a2 | s0 = a2;
0x004069f4 move a0, a2 | a0 = a2;
0x004069f8 lbu a2, (s4) | a2 = *(s4);
| /* str._02X */
0x004069fc addiu a1, a1, -0x7224 | a1 += -0x7224;
0x00406a00 addiu s2, s0, 2 | s2 = s0 + 2;
0x00406a04 jalr t9 | t9 ();
0x00406a08 lw gp, 0x10(sp) | gp = *(var_10h);
0x00406a0c addiu s1, zero, 1 | s1 = 1;
0x00406a10 lw s5, -0x7fd8(gp) | s5 = *((gp - 8182));
| /* esilref: ':&X' */
0x00406a14 addiu s5, s5, -0x7204 | s5 += -0x7204;
0x00406a18 b 0x406a3c |
| while (v0 != 0) {
0x00406a1c lw t9, -0x7f38(gp) | t9 = sym.imp.sprintf
0x00406a20 lbu a2, (v0) | a2 = *(v0);
0x00406a24 move a0, s2 | a0 = s2;
0x00406a28 move a1, s5 | a1 = s5;
0x00406a2c jalr t9 | t9 ();
0x00406a30 lw gp, 0x10(sp) | gp = *(var_10h);
0x00406a34 addiu s1, s1, 1 | s1++;
0x00406a38 addiu s2, s2, 3 | s2 += 3;
0x00406a3c slt v0, s1, s3 | v0 = (s1 < s3) ? 1 : 0;
0x00406a40 addu v0, s4, s1 | v0 = s4 + s1;
0x00406a44 bnez v0, 0x406a1c |
| }
0x00406a48 lw ra, 0x34(sp) | ra = *(var_34h);
0x00406a4c b 0x406a58 | goto label_1;
| label_0:
0x00406a50 move s0, zero | s0 = 0;
0x00406a54 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x00406a58 move v0, s0 | v0 = s0;
0x00406a5c lw s5, 0x30(sp) | s5 = *(var_30h);
0x00406a60 lw s4, 0x2c(sp) | s4 = *(var_2ch);
0x00406a64 lw s3, 0x28(sp) | s3 = *(var_28h);
0x00406a68 lw s2, 0x24(sp) | s2 = *(var_24h);
0x00406a6c lw s1, 0x20(sp) | s1 = *(var_20h);
0x00406a70 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x00406a74 addiu sp, sp, 0x38 |
0x00406a78 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwconfig @ 0x405cf0 */
| #include <stdint.h>
|
; (fcn) sym.iw_print_key () | void iw_print_key () {
0x00405cf0 lui gp, 2 |
0x00405cf4 addiu gp, gp, -0x43a0 |
0x00405cf8 addu gp, gp, t9 | gp += t9;
0x00405cfc addiu v1, zero, 3 | v1 = 3;
0x00405d00 mul v1, a3, v1 | __asm ("mul v1, a3, v1");
0x00405d04 addiu sp, sp, -0x38 |
0x00405d08 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00405d0c sw ra, 0x34(sp) | *(var_34h) = ra;
0x00405d10 sw s6, 0x30(sp) | *(var_30h) = s6;
0x00405d14 sw s5, 0x2c(sp) | *(var_2ch) = s5;
0x00405d18 sw s4, 0x28(sp) | *(var_28h) = s4;
0x00405d1c sw s3, 0x24(sp) | *(var_24h) = s3;
0x00405d20 sw s2, 0x20(sp) | *(var_20h) = s2;
0x00405d24 sw s1, 0x1c(sp) | *(var_1ch) = s1;
0x00405d28 sw s0, 0x18(sp) | *(var_18h) = s0;
0x00405d2c slt v1, a1, v1 | v1 = (a1 < v1) ? 1 : 0;
0x00405d30 lw v0, 0x48(sp) | v0 = *(arg_48h);
| if (v1 != 0) {
0x00405d34 beqz v1, 0x405d6c |
0x00405d38 lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x00405d3c lw ra, 0x34(sp) | ra = *(var_34h);
0x00405d40 lw s6, 0x30(sp) | s6 = *(var_30h);
0x00405d44 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00405d48 lw s4, 0x28(sp) | s4 = *(var_28h);
0x00405d4c lw s3, 0x24(sp) | s3 = *(var_24h);
0x00405d50 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00405d54 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00405d58 lw s0, 0x18(sp) | s0 = *(var_18h);
0x00405d5c lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| /* str._too_big_ */
0x00405d60 addiu a2, a2, -0x7414 | a2 += -0x7414;
0x00405d64 addiu sp, sp, 0x38 |
0x00405d68 jr t9 | t9 ();
| }
0x00405d6c andi v0, v0, 0x800 | v0 &= 0x800;
0x00405d70 move s0, a0 | s0 = a0;
0x00405d74 move s2, a3 | s2 = a3;
| if (v0 == 0) {
0x00405d78 beqz v0, 0x405e28 | goto label_0;
| }
0x00405d7c lw t9, -0x7f84(gp) | t9 = *(gp);
| if (a3 <= 0) {
0x00405d80 bgtz a3, 0x405db4 |
0x00405d84 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00405d88 lw ra, 0x34(sp) | ra = *(var_34h);
0x00405d8c lw s6, 0x30(sp) | s6 = *(var_30h);
0x00405d90 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00405d94 lw s4, 0x28(sp) | s4 = *(var_28h);
0x00405d98 lw s3, 0x24(sp) | s3 = *(var_24h);
0x00405d9c lw s2, 0x20(sp) | s2 = *(var_20h);
0x00405da0 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00405da4 lw s0, 0x18(sp) | s0 = *(var_18h);
| /* esilref: 'on' */
0x00405da8 addiu a1, a1, -0x7cc8 | a1 += -0x7cc8;
0x00405dac addiu sp, sp, 0x38 |
0x00405db0 jr t9 | t9 ();
| }
0x00405db4 lw s3, -0x7fd8(gp) | s3 = *((gp - 8182));
0x00405db8 addiu s0, s0, 2 | s0 += 2;
0x00405dbc addiu s1, zero, 1 | s1 = 1;
| /* esilref: '**' */
0x00405dc0 addiu a1, s3, -0x7408 | a1 = s3 + -0x7408;
0x00405dc4 jalr t9 | t9 ();
0x00405dc8 lw gp, 0x10(sp) | gp = *(var_10h);
| /* esilref: '**' */
0x00405dcc addiu s3, s3, -0x7408 | s3 += -0x7408;
0x00405dd0 lw s4, -0x7fb0(gp) | s4 = *(gp);
0x00405dd4 addiu s4, s4, 0x7c40 | s4 += 0x7c40;
0x00405dd8 b 0x405e18 |
| while (s1 != s2) {
0x00405ddc lw t9, -0x7f84(gp) | t9 = *(gp);
| if (v0 == 0) {
0x00405de0 bnez v0, 0x405e00 |
0x00405de4 move a0, s0 | a0 = s0;
0x00405de8 move a1, s4 | a1 = s4;
0x00405dec jalr t9 | t9 ();
0x00405df0 lw gp, 0x10(sp) | gp = *(var_10h);
0x00405df4 addiu s5, s0, 1 | s5 = s0 + 1;
0x00405df8 move s0, s5 | s0 = s5;
0x00405dfc lw t9, -0x7f84(gp) | t9 = *(gp);
| }
0x00405e00 move a0, s0 | a0 = s0;
0x00405e04 move a1, s3 | a1 = s3;
0x00405e08 jalr t9 | t9 ();
0x00405e0c lw gp, 0x10(sp) | gp = *(var_10h);
0x00405e10 addiu s0, s0, 2 | s0 += 2;
0x00405e14 addiu s1, s1, 1 | s1++;
0x00405e18 andi v0, s1, 1 | v0 = s1 & 1;
0x00405e1c bne s1, s2, 0x405ddc |
| }
0x00405e20 lw ra, 0x34(sp) | ra = *(var_34h);
0x00405e24 b 0x405eb4 | goto label_1;
| label_0:
0x00405e28 lw s4, -0x7fd8(gp) | s4 = *((gp - 8182));
0x00405e2c lw t9, -0x7f38(gp) | t9 = sym.imp.sprintf
0x00405e30 move s3, a2 | s3 = a2;
0x00405e34 lbu a2, (a2) | a2 = *(a2);
| /* str._.2X */
0x00405e38 addiu a1, s4, -0x7404 | a1 = s4 + -0x7404;
0x00405e3c addiu s0, s0, 2 | s0 += 2;
0x00405e40 jalr t9 | t9 ();
0x00405e44 lw gp, 0x10(sp) | gp = *(var_10h);
0x00405e48 addiu s1, zero, 1 | s1 = 1;
| /* str._.2X */
0x00405e4c addiu s4, s4, -0x7404 | s4 += -0x7404;
0x00405e50 lw s5, -0x7fb0(gp) | s5 = *(gp);
0x00405e54 addiu s5, s5, 0x7c40 | s5 += 0x7c40;
0x00405e58 b 0x405ea4 |
| while (v0 != 0) {
0x00405e5c addu v0, s3, s1 | v0 = s3 + s1;
| if (v0 == 0) {
0x00405e60 bnez v0, 0x405e84 |
0x00405e64 lw t9, -0x7f84(gp) | t9 = *(gp);
0x00405e68 move a0, s0 | a0 = s0;
0x00405e6c move a1, s5 | a1 = s5;
0x00405e70 jalr t9 | t9 ();
0x00405e74 lw gp, 0x10(sp) | gp = *(var_10h);
0x00405e78 addiu s6, s0, 1 | s6 = s0 + 1;
0x00405e7c move s0, s6 | s0 = s6;
0x00405e80 addu v0, s3, s1 | v0 = s3 + s1;
| }
0x00405e84 lw t9, -0x7f38(gp) | t9 = sym.imp.sprintf
0x00405e88 lbu a2, (v0) | a2 = *(v0);
0x00405e8c move a0, s0 | a0 = s0;
0x00405e90 move a1, s4 | a1 = s4;
0x00405e94 jalr t9 | t9 ();
0x00405e98 lw gp, 0x10(sp) | gp = *(var_10h);
0x00405e9c addiu s0, s0, 2 | s0 += 2;
0x00405ea0 addiu s1, s1, 1 | s1++;
0x00405ea4 slt v0, s1, s2 | v0 = (s1 < s2) ? 1 : 0;
0x00405ea8 andi v0, s1, 1 | v0 = s1 & 1;
0x00405eac bnez v0, 0x405e5c |
| }
0x00405eb0 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x00405eb4 lw s6, 0x30(sp) | s6 = *(var_30h);
0x00405eb8 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00405ebc lw s4, 0x28(sp) | s4 = *(var_28h);
0x00405ec0 lw s3, 0x24(sp) | s3 = *(var_24h);
0x00405ec4 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00405ec8 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00405ecc lw s0, 0x18(sp) | s0 = *(var_18h);
0x00405ed0 addiu sp, sp, 0x38 |
0x00405ed4 jr ra | return v0;
| }
[*] Function sprintf used 6 times iwconfig
