[*] Binary protection state of iwgetid
No RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH Symbols
[*] Function sprintf tear down of iwgetid
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid @ 0x40473c */
| #include <stdint.h>
|
; (fcn) sym.iw_ether_ntop () | void iw_ether_ntop () {
0x0040473c lui gp, 2 |
0x00404740 addiu gp, gp, -0x55bc |
0x00404744 addu gp, gp, t9 | gp += t9;
0x00404748 addiu sp, sp, -0x30 |
0x0040474c sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00404750 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00404754 lbu v0, 2(a0) | v0 = *((a0 + 2));
0x00404758 lbu a2, (a0) | a2 = *(a0);
0x0040475c lbu a3, 1(a0) | a3 = *((a0 + 1));
0x00404760 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00404764 lbu v0, 3(a0) | v0 = *((a0 + 3));
0x00404768 lw t9, -0x7f4c(gp) | t9 = sym.imp.sprintf
0x0040476c sw v0, 0x14(sp) | *(var_14h) = v0;
0x00404770 lbu v0, 4(a0) | v0 = *((a0 + 4));
0x00404774 sw v0, 0x18(sp) | *(var_18h) = v0;
0x00404778 lbu v0, 5(a0) | v0 = *((a0 + 5));
0x0040477c move a0, a1 | a0 = a1;
0x00404780 lw a1, -0x7fd8(gp) | a1 = *(gp);
0x00404784 sw v0, 0x1c(sp) | *(var_1ch) = v0;
| /* str._02X:_02X:_02X:_02X:_02X:_02X */
0x00404788 addiu a1, a1, 0x64d4 | a1 += 0x64d4;
0x0040478c jalr t9 | t9 ();
0x00404790 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00404794 addiu sp, sp, 0x30 |
0x00404798 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid @ 0x404660 */
| #include <stdint.h>
|
; (fcn) sym.iw_mac_ntop () | void iw_mac_ntop () {
0x00404660 lui gp, 2 |
0x00404664 addiu gp, gp, -0x54e0 |
0x00404668 addu gp, gp, t9 | gp += t9;
0x0040466c addiu v0, zero, 3 | v0 = 3;
0x00404670 mul v0, a1, v0 | __asm ("mul v0, a1, v0");
0x00404674 addiu sp, sp, -0x38 |
0x00404678 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040467c sw ra, 0x34(sp) | *(var_34h) = ra;
0x00404680 sw s5, 0x30(sp) | *(var_30h) = s5;
0x00404684 sw s4, 0x2c(sp) | *(var_2ch) = s4;
0x00404688 sw s3, 0x28(sp) | *(var_28h) = s3;
0x0040468c sw s2, 0x24(sp) | *(var_24h) = s2;
0x00404690 sw s1, 0x20(sp) | *(var_20h) = s1;
0x00404694 sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x00404698 slt a3, a3, v0 | a3 = (a3 < v0) ? 1 : 0;
0x0040469c move s4, a0 | s4 = a0;
| if (a3 != 0) {
0x004046a0 bnez a3, 0x404710 | goto label_0;
| }
0x004046a4 move s3, a1 | s3 = a1;
0x004046a8 lw a1, -0x7fd8(gp) | a1 = *(gp);
0x004046ac lw t9, -0x7f4c(gp) | t9 = sym.imp.sprintf
0x004046b0 move s0, a2 | s0 = a2;
0x004046b4 move a0, a2 | a0 = a2;
0x004046b8 lbu a2, (s4) | a2 = *(s4);
| /* str._02X */
0x004046bc addiu a1, a1, 0x64cc | a1 += 0x64cc;
0x004046c0 addiu s2, s0, 2 | s2 = s0 + 2;
0x004046c4 jalr t9 | t9 ();
0x004046c8 lw gp, 0x10(sp) | gp = *(var_10h);
0x004046cc addiu s1, zero, 1 | s1 = 1;
0x004046d0 lw s5, -0x7fd8(gp) | s5 = *(gp);
| /* esilref: ':&X' */
0x004046d4 addiu s5, s5, 0x64ec | s5 += 0x64ec;
0x004046d8 b 0x4046fc |
| while (v0 != 0) {
0x004046dc lw t9, -0x7f4c(gp) | t9 = sym.imp.sprintf
0x004046e0 lbu a2, (v0) | a2 = *(v0);
0x004046e4 move a0, s2 | a0 = s2;
0x004046e8 move a1, s5 | a1 = s5;
0x004046ec jalr t9 | t9 ();
0x004046f0 lw gp, 0x10(sp) | gp = *(var_10h);
0x004046f4 addiu s1, s1, 1 | s1++;
0x004046f8 addiu s2, s2, 3 | s2 += 3;
0x004046fc slt v0, s1, s3 | v0 = (s1 < s3) ? 1 : 0;
0x00404700 addu v0, s4, s1 | v0 = s4 + s1;
0x00404704 bnez v0, 0x4046dc |
| }
0x00404708 lw ra, 0x34(sp) | ra = *(var_34h);
0x0040470c b 0x404718 | goto label_1;
| label_0:
0x00404710 move s0, zero | s0 = 0;
0x00404714 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x00404718 move v0, s0 | v0 = s0;
0x0040471c lw s5, 0x30(sp) | s5 = *(var_30h);
0x00404720 lw s4, 0x2c(sp) | s4 = *(var_2ch);
0x00404724 lw s3, 0x28(sp) | s3 = *(var_28h);
0x00404728 lw s2, 0x24(sp) | s2 = *(var_24h);
0x0040472c lw s1, 0x20(sp) | s1 = *(var_20h);
0x00404730 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x00404734 addiu sp, sp, 0x38 |
0x00404738 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid @ 0x4039b0 */
| #include <stdint.h>
|
; (fcn) sym.iw_print_key () | void iw_print_key () {
0x004039b0 lui gp, 2 |
0x004039b4 addiu gp, gp, -0x4830 |
0x004039b8 addu gp, gp, t9 | gp += t9;
0x004039bc addiu v1, zero, 3 | v1 = 3;
0x004039c0 mul v1, a3, v1 | __asm ("mul v1, a3, v1");
0x004039c4 addiu sp, sp, -0x38 |
0x004039c8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x004039cc sw ra, 0x34(sp) | *(var_34h) = ra;
0x004039d0 sw s6, 0x30(sp) | *(var_30h) = s6;
0x004039d4 sw s5, 0x2c(sp) | *(var_2ch) = s5;
0x004039d8 sw s4, 0x28(sp) | *(var_28h) = s4;
0x004039dc sw s3, 0x24(sp) | *(var_24h) = s3;
0x004039e0 sw s2, 0x20(sp) | *(var_20h) = s2;
0x004039e4 sw s1, 0x1c(sp) | *(var_1ch) = s1;
0x004039e8 sw s0, 0x18(sp) | *(var_18h) = s0;
0x004039ec slt v1, a1, v1 | v1 = (a1 < v1) ? 1 : 0;
0x004039f0 lw v0, 0x48(sp) | v0 = *(arg_48h);
| if (v1 != 0) {
0x004039f4 beqz v1, 0x403a2c |
0x004039f8 lw a2, -0x7fd8(gp) | a2 = *(gp);
0x004039fc lw ra, 0x34(sp) | ra = *(var_34h);
0x00403a00 lw s6, 0x30(sp) | s6 = *(var_30h);
0x00403a04 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00403a08 lw s4, 0x28(sp) | s4 = *(var_28h);
0x00403a0c lw s3, 0x24(sp) | s3 = *(var_24h);
0x00403a10 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00403a14 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00403a18 lw s0, 0x18(sp) | s0 = *(var_18h);
0x00403a1c lw t9, -0x7ef0(gp) | t9 = sym.imp.snprintf;
| /* str._too_big_ */
0x00403a20 addiu a2, a2, 0x62d4 | a2 += 0x62d4;
0x00403a24 addiu sp, sp, 0x38 |
0x00403a28 jr t9 | t9 ();
| }
0x00403a2c andi v0, v0, 0x800 | v0 &= 0x800;
0x00403a30 move s0, a0 | s0 = a0;
0x00403a34 move s2, a3 | s2 = a3;
| if (v0 == 0) {
0x00403a38 beqz v0, 0x403ae8 | goto label_0;
| }
0x00403a3c lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| if (a3 <= 0) {
0x00403a40 bgtz a3, 0x403a74 |
0x00403a44 lw a1, -0x7fd8(gp) | a1 = *(gp);
0x00403a48 lw ra, 0x34(sp) | ra = *(var_34h);
0x00403a4c lw s6, 0x30(sp) | s6 = *(var_30h);
0x00403a50 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00403a54 lw s4, 0x28(sp) | s4 = *(var_28h);
0x00403a58 lw s3, 0x24(sp) | s3 = *(var_24h);
0x00403a5c lw s2, 0x20(sp) | s2 = *(var_20h);
0x00403a60 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00403a64 lw s0, 0x18(sp) | s0 = *(var_18h);
| /* esilref: 'on' */
0x00403a68 addiu a1, a1, 0x62e0 | a1 += 0x62e0;
0x00403a6c addiu sp, sp, 0x38 |
0x00403a70 jr t9 | t9 ();
| }
0x00403a74 lw s3, -0x7fd8(gp) | s3 = *(gp);
0x00403a78 addiu s0, s0, 2 | s0 += 2;
0x00403a7c addiu s1, zero, 1 | s1 = 1;
| /* esilref: '**' */
0x00403a80 addiu a1, s3, 0x62e4 | a1 = s3 + 0x62e4;
0x00403a84 jalr t9 | t9 ();
0x00403a88 lw gp, 0x10(sp) | gp = *(var_10h);
| /* esilref: '**' */
0x00403a8c addiu s3, s3, 0x62e4 | s3 += 0x62e4;
0x00403a90 lw s4, -0x7fd8(gp) | s4 = *(gp);
0x00403a94 addiu s4, s4, 0x62e8 | s4 += 0x62e8;
0x00403a98 b 0x403ad8 |
| while (s1 != s2) {
0x00403a9c lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| if (v0 == 0) {
0x00403aa0 bnez v0, 0x403ac0 |
0x00403aa4 move a0, s0 | a0 = s0;
0x00403aa8 move a1, s4 | a1 = s4;
0x00403aac jalr t9 | t9 ();
0x00403ab0 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403ab4 addiu s5, s0, 1 | s5 = s0 + 1;
0x00403ab8 move s0, s5 | s0 = s5;
0x00403abc lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| }
0x00403ac0 move a0, s0 | a0 = s0;
0x00403ac4 move a1, s3 | a1 = s3;
0x00403ac8 jalr t9 | t9 ();
0x00403acc lw gp, 0x10(sp) | gp = *(var_10h);
0x00403ad0 addiu s0, s0, 2 | s0 += 2;
0x00403ad4 addiu s1, s1, 1 | s1++;
0x00403ad8 andi v0, s1, 1 | v0 = s1 & 1;
0x00403adc bne s1, s2, 0x403a9c |
| }
0x00403ae0 lw ra, 0x34(sp) | ra = *(var_34h);
0x00403ae4 b 0x403b74 | goto label_1;
| label_0:
0x00403ae8 lw s4, -0x7fd8(gp) | s4 = *(gp);
0x00403aec lw t9, -0x7f4c(gp) | t9 = sym.imp.sprintf
0x00403af0 move s3, a2 | s3 = a2;
0x00403af4 lbu a2, (a2) | a2 = *(a2);
| /* str._.2X */
0x00403af8 addiu a1, s4, 0x62ec | a1 = s4 + 0x62ec;
0x00403afc addiu s0, s0, 2 | s0 += 2;
0x00403b00 jalr t9 | t9 ();
0x00403b04 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403b08 addiu s1, zero, 1 | s1 = 1;
| /* str._.2X */
0x00403b0c addiu s4, s4, 0x62ec | s4 += 0x62ec;
0x00403b10 lw s5, -0x7fd8(gp) | s5 = *(gp);
0x00403b14 addiu s5, s5, 0x62e8 | s5 += 0x62e8;
0x00403b18 b 0x403b64 |
| while (v0 != 0) {
0x00403b1c addu v0, s3, s1 | v0 = s3 + s1;
| if (v0 == 0) {
0x00403b20 bnez v0, 0x403b44 |
0x00403b24 lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
0x00403b28 move a0, s0 | a0 = s0;
0x00403b2c move a1, s5 | a1 = s5;
0x00403b30 jalr t9 | t9 ();
0x00403b34 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403b38 addiu s6, s0, 1 | s6 = s0 + 1;
0x00403b3c move s0, s6 | s0 = s6;
0x00403b40 addu v0, s3, s1 | v0 = s3 + s1;
| }
0x00403b44 lw t9, -0x7f4c(gp) | t9 = sym.imp.sprintf
0x00403b48 lbu a2, (v0) | a2 = *(v0);
0x00403b4c move a0, s0 | a0 = s0;
0x00403b50 move a1, s4 | a1 = s4;
0x00403b54 jalr t9 | t9 ();
0x00403b58 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403b5c addiu s0, s0, 2 | s0 += 2;
0x00403b60 addiu s1, s1, 1 | s1++;
0x00403b64 slt v0, s1, s2 | v0 = (s1 < s2) ? 1 : 0;
0x00403b68 andi v0, s1, 1 | v0 = s1 & 1;
0x00403b6c bnez v0, 0x403b1c |
| }
0x00403b70 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x00403b74 lw s6, 0x30(sp) | s6 = *(var_30h);
0x00403b78 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00403b7c lw s4, 0x28(sp) | s4 = *(var_28h);
0x00403b80 lw s3, 0x24(sp) | s3 = *(var_24h);
0x00403b84 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00403b88 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00403b8c lw s0, 0x18(sp) | s0 = *(var_18h);
0x00403b90 addiu sp, sp, 0x38 |
0x00403b94 jr ra | return v0;
| }
[*] Function sprintf used 6 times iwgetid