[*] Binary protection state of iwgetid

  
  	No RELRO       No Canary found   NX disabled  No PIE       No RPATH     No RUNPATH   Symbols


[*] Function sprintf tear down of iwgetid

    ; assembly                               | /* r2dec pseudo code output */
                                             | /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid @ 0x40473c */
                                             | #include <stdint.h>
                                             |  
    ; (fcn) sym.iw_ether_ntop ()             | void iw_ether_ntop () {
    0x0040473c lui gp, 2                     |     
    0x00404740 addiu gp, gp, -0x55bc         |     
    0x00404744 addu gp, gp, t9               |     gp += t9;
    0x00404748 addiu sp, sp, -0x30           |     
    0x0040474c sw ra, 0x2c(sp)               |     *(var_2ch) = ra;
    0x00404750 sw gp, 0x20(sp)               |     *(var_20h) = gp;
    0x00404754 lbu v0, 2(a0)                 |     v0 = *((a0 + 2));
    0x00404758 lbu a2, (a0)                  |     a2 = *(a0);
    0x0040475c lbu a3, 1(a0)                 |     a3 = *((a0 + 1));
    0x00404760 sw v0, 0x10(sp)               |     *(var_10h) = v0;
    0x00404764 lbu v0, 3(a0)                 |     v0 = *((a0 + 3));
    0x00404768 lw t9, -0x7f4c(gp)            |     t9 = sym.imp.sprintf
    0x0040476c sw v0, 0x14(sp)               |     *(var_14h) = v0;
    0x00404770 lbu v0, 4(a0)                 |     v0 = *((a0 + 4));
    0x00404774 sw v0, 0x18(sp)               |     *(var_18h) = v0;
    0x00404778 lbu v0, 5(a0)                 |     v0 = *((a0 + 5));
    0x0040477c move a0, a1                   |     a0 = a1;
    0x00404780 lw a1, -0x7fd8(gp)            |     a1 = *(gp);
    0x00404784 sw v0, 0x1c(sp)               |     *(var_1ch) = v0;
                                             |     /* str._02X:_02X:_02X:_02X:_02X:_02X */
    0x00404788 addiu a1, a1, 0x64d4          |     a1 += 0x64d4;
    0x0040478c jalr t9                       |     t9 ();
    0x00404790 lw ra, 0x2c(sp)               |     ra = *(var_2ch);
    0x00404794 addiu sp, sp, 0x30            |     
    0x00404798 jr ra                         |     return v0;
                                             | }
    ; assembly                               | /* r2dec pseudo code output */
                                             | /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid @ 0x404660 */
                                             | #include <stdint.h>
                                             |  
    ; (fcn) sym.iw_mac_ntop ()               | void iw_mac_ntop () {
    0x00404660 lui gp, 2                     |     
    0x00404664 addiu gp, gp, -0x54e0         |     
    0x00404668 addu gp, gp, t9               |     gp += t9;
    0x0040466c addiu v0, zero, 3             |     v0 = 3;
    0x00404670 mul v0, a1, v0                |     __asm ("mul v0, a1, v0");
    0x00404674 addiu sp, sp, -0x38           |     
    0x00404678 sw gp, 0x10(sp)               |     *(var_10h) = gp;
    0x0040467c sw ra, 0x34(sp)               |     *(var_34h) = ra;
    0x00404680 sw s5, 0x30(sp)               |     *(var_30h) = s5;
    0x00404684 sw s4, 0x2c(sp)               |     *(var_2ch) = s4;
    0x00404688 sw s3, 0x28(sp)               |     *(var_28h) = s3;
    0x0040468c sw s2, 0x24(sp)               |     *(var_24h) = s2;
    0x00404690 sw s1, 0x20(sp)               |     *(var_20h) = s1;
    0x00404694 sw s0, 0x1c(sp)               |     *(var_1ch) = s0;
    0x00404698 slt a3, a3, v0                |     a3 = (a3 < v0) ? 1 : 0;
    0x0040469c move s4, a0                   |     s4 = a0;
                                             |     if (a3 != 0) {
    0x004046a0 bnez a3, 0x404710             |         goto label_0;
                                             |     }
    0x004046a4 move s3, a1                   |     s3 = a1;
    0x004046a8 lw a1, -0x7fd8(gp)            |     a1 = *(gp);
    0x004046ac lw t9, -0x7f4c(gp)            |     t9 = sym.imp.sprintf
    0x004046b0 move s0, a2                   |     s0 = a2;
    0x004046b4 move a0, a2                   |     a0 = a2;
    0x004046b8 lbu a2, (s4)                  |     a2 = *(s4);
                                             |     /* str._02X */
    0x004046bc addiu a1, a1, 0x64cc          |     a1 += 0x64cc;
    0x004046c0 addiu s2, s0, 2               |     s2 = s0 + 2;
    0x004046c4 jalr t9                       |     t9 ();
    0x004046c8 lw gp, 0x10(sp)               |     gp = *(var_10h);
    0x004046cc addiu s1, zero, 1             |     s1 = 1;
    0x004046d0 lw s5, -0x7fd8(gp)            |     s5 = *(gp);
                                             |     /* esilref: ':&X' */
    0x004046d4 addiu s5, s5, 0x64ec          |     s5 += 0x64ec;
    0x004046d8 b 0x4046fc                    |     
                                             |     while (v0 != 0) {
    0x004046dc lw t9, -0x7f4c(gp)            |         t9 = sym.imp.sprintf
    0x004046e0 lbu a2, (v0)                  |         a2 = *(v0);
    0x004046e4 move a0, s2                   |         a0 = s2;
    0x004046e8 move a1, s5                   |         a1 = s5;
    0x004046ec jalr t9                       |         t9 ();
    0x004046f0 lw gp, 0x10(sp)               |         gp = *(var_10h);
    0x004046f4 addiu s1, s1, 1               |         s1++;
    0x004046f8 addiu s2, s2, 3               |         s2 += 3;
    0x004046fc slt v0, s1, s3                |         v0 = (s1 < s3) ? 1 : 0;
    0x00404700 addu v0, s4, s1               |         v0 = s4 + s1;
    0x00404704 bnez v0, 0x4046dc             |         
                                             |     }
    0x00404708 lw ra, 0x34(sp)               |     ra = *(var_34h);
    0x0040470c b 0x404718                    |     goto label_1;
                                             | label_0:
    0x00404710 move s0, zero                 |     s0 = 0;
    0x00404714 lw ra, 0x34(sp)               |     ra = *(var_34h);
                                             | label_1:
    0x00404718 move v0, s0                   |     v0 = s0;
    0x0040471c lw s5, 0x30(sp)               |     s5 = *(var_30h);
    0x00404720 lw s4, 0x2c(sp)               |     s4 = *(var_2ch);
    0x00404724 lw s3, 0x28(sp)               |     s3 = *(var_28h);
    0x00404728 lw s2, 0x24(sp)               |     s2 = *(var_24h);
    0x0040472c lw s1, 0x20(sp)               |     s1 = *(var_20h);
    0x00404730 lw s0, 0x1c(sp)               |     s0 = *(var_1ch);
    0x00404734 addiu sp, sp, 0x38            |     
    0x00404738 jr ra                         |     return v0;
                                             | }
    ; assembly                               | /* r2dec pseudo code output */
                                             | /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwgetid @ 0x4039b0 */
                                             | #include <stdint.h>
                                             |  
    ; (fcn) sym.iw_print_key ()              | void iw_print_key () {
    0x004039b0 lui gp, 2                     |     
    0x004039b4 addiu gp, gp, -0x4830         |     
    0x004039b8 addu gp, gp, t9               |     gp += t9;
    0x004039bc addiu v1, zero, 3             |     v1 = 3;
    0x004039c0 mul v1, a3, v1                |     __asm ("mul v1, a3, v1");
    0x004039c4 addiu sp, sp, -0x38           |     
    0x004039c8 sw gp, 0x10(sp)               |     *(var_10h) = gp;
    0x004039cc sw ra, 0x34(sp)               |     *(var_34h) = ra;
    0x004039d0 sw s6, 0x30(sp)               |     *(var_30h) = s6;
    0x004039d4 sw s5, 0x2c(sp)               |     *(var_2ch) = s5;
    0x004039d8 sw s4, 0x28(sp)               |     *(var_28h) = s4;
    0x004039dc sw s3, 0x24(sp)               |     *(var_24h) = s3;
    0x004039e0 sw s2, 0x20(sp)               |     *(var_20h) = s2;
    0x004039e4 sw s1, 0x1c(sp)               |     *(var_1ch) = s1;
    0x004039e8 sw s0, 0x18(sp)               |     *(var_18h) = s0;
    0x004039ec slt v1, a1, v1                |     v1 = (a1 < v1) ? 1 : 0;
    0x004039f0 lw v0, 0x48(sp)               |     v0 = *(arg_48h);
                                             |     if (v1 != 0) {
    0x004039f4 beqz v1, 0x403a2c             |         
    0x004039f8 lw a2, -0x7fd8(gp)            |         a2 = *(gp);
    0x004039fc lw ra, 0x34(sp)               |         ra = *(var_34h);
    0x00403a00 lw s6, 0x30(sp)               |         s6 = *(var_30h);
    0x00403a04 lw s5, 0x2c(sp)               |         s5 = *(var_2ch);
    0x00403a08 lw s4, 0x28(sp)               |         s4 = *(var_28h);
    0x00403a0c lw s3, 0x24(sp)               |         s3 = *(var_24h);
    0x00403a10 lw s2, 0x20(sp)               |         s2 = *(var_20h);
    0x00403a14 lw s1, 0x1c(sp)               |         s1 = *(var_1ch);
    0x00403a18 lw s0, 0x18(sp)               |         s0 = *(var_18h);
    0x00403a1c lw t9, -0x7ef0(gp)            |         t9 = sym.imp.snprintf;
                                             |         /* str._too_big_ */
    0x00403a20 addiu a2, a2, 0x62d4          |         a2 += 0x62d4;
    0x00403a24 addiu sp, sp, 0x38            |         
    0x00403a28 jr t9                         |         t9 ();
                                             |     }
    0x00403a2c andi v0, v0, 0x800            |     v0 &= 0x800;
    0x00403a30 move s0, a0                   |     s0 = a0;
    0x00403a34 move s2, a3                   |     s2 = a3;
                                             |     if (v0 == 0) {
    0x00403a38 beqz v0, 0x403ae8             |         goto label_0;
                                             |     }
    0x00403a3c lw t9, -0x7ee8(gp)            |     t9 = sym._MIPS_STUBS_;
                                             |     if (a3 <= 0) {
    0x00403a40 bgtz a3, 0x403a74             |         
    0x00403a44 lw a1, -0x7fd8(gp)            |         a1 = *(gp);
    0x00403a48 lw ra, 0x34(sp)               |         ra = *(var_34h);
    0x00403a4c lw s6, 0x30(sp)               |         s6 = *(var_30h);
    0x00403a50 lw s5, 0x2c(sp)               |         s5 = *(var_2ch);
    0x00403a54 lw s4, 0x28(sp)               |         s4 = *(var_28h);
    0x00403a58 lw s3, 0x24(sp)               |         s3 = *(var_24h);
    0x00403a5c lw s2, 0x20(sp)               |         s2 = *(var_20h);
    0x00403a60 lw s1, 0x1c(sp)               |         s1 = *(var_1ch);
    0x00403a64 lw s0, 0x18(sp)               |         s0 = *(var_18h);
                                             |         /* esilref: 'on' */
    0x00403a68 addiu a1, a1, 0x62e0          |         a1 += 0x62e0;
    0x00403a6c addiu sp, sp, 0x38            |         
    0x00403a70 jr t9                         |         t9 ();
                                             |     }
    0x00403a74 lw s3, -0x7fd8(gp)            |     s3 = *(gp);
    0x00403a78 addiu s0, s0, 2               |     s0 += 2;
    0x00403a7c addiu s1, zero, 1             |     s1 = 1;
                                             |     /* esilref: '**' */
    0x00403a80 addiu a1, s3, 0x62e4          |     a1 = s3 + 0x62e4;
    0x00403a84 jalr t9                       |     t9 ();
    0x00403a88 lw gp, 0x10(sp)               |     gp = *(var_10h);
                                             |     /* esilref: '**' */
    0x00403a8c addiu s3, s3, 0x62e4          |     s3 += 0x62e4;
    0x00403a90 lw s4, -0x7fd8(gp)            |     s4 = *(gp);
    0x00403a94 addiu s4, s4, 0x62e8          |     s4 += 0x62e8;
    0x00403a98 b 0x403ad8                    |     
                                             |     while (s1 != s2) {
    0x00403a9c lw t9, -0x7ee8(gp)            |         t9 = sym._MIPS_STUBS_;
                                             |         if (v0 == 0) {
    0x00403aa0 bnez v0, 0x403ac0             |             
    0x00403aa4 move a0, s0                   |             a0 = s0;
    0x00403aa8 move a1, s4                   |             a1 = s4;
    0x00403aac jalr t9                       |             t9 ();
    0x00403ab0 lw gp, 0x10(sp)               |             gp = *(var_10h);
    0x00403ab4 addiu s5, s0, 1               |             s5 = s0 + 1;
    0x00403ab8 move s0, s5                   |             s0 = s5;
    0x00403abc lw t9, -0x7ee8(gp)            |             t9 = sym._MIPS_STUBS_;
                                             |         }
    0x00403ac0 move a0, s0                   |         a0 = s0;
    0x00403ac4 move a1, s3                   |         a1 = s3;
    0x00403ac8 jalr t9                       |         t9 ();
    0x00403acc lw gp, 0x10(sp)               |         gp = *(var_10h);
    0x00403ad0 addiu s0, s0, 2               |         s0 += 2;
    0x00403ad4 addiu s1, s1, 1               |         s1++;
    0x00403ad8 andi v0, s1, 1                |         v0 = s1 & 1;
    0x00403adc bne s1, s2, 0x403a9c          |         
                                             |     }
    0x00403ae0 lw ra, 0x34(sp)               |     ra = *(var_34h);
    0x00403ae4 b 0x403b74                    |     goto label_1;
                                             | label_0:
    0x00403ae8 lw s4, -0x7fd8(gp)            |     s4 = *(gp);
    0x00403aec lw t9, -0x7f4c(gp)            |     t9 = sym.imp.sprintf
    0x00403af0 move s3, a2                   |     s3 = a2;
    0x00403af4 lbu a2, (a2)                  |     a2 = *(a2);
                                             |     /* str._.2X */
    0x00403af8 addiu a1, s4, 0x62ec          |     a1 = s4 + 0x62ec;
    0x00403afc addiu s0, s0, 2               |     s0 += 2;
    0x00403b00 jalr t9                       |     t9 ();
    0x00403b04 lw gp, 0x10(sp)               |     gp = *(var_10h);
    0x00403b08 addiu s1, zero, 1             |     s1 = 1;
                                             |     /* str._.2X */
    0x00403b0c addiu s4, s4, 0x62ec          |     s4 += 0x62ec;
    0x00403b10 lw s5, -0x7fd8(gp)            |     s5 = *(gp);
    0x00403b14 addiu s5, s5, 0x62e8          |     s5 += 0x62e8;
    0x00403b18 b 0x403b64                    |     
                                             |     while (v0 != 0) {
    0x00403b1c addu v0, s3, s1               |         v0 = s3 + s1;
                                             |         if (v0 == 0) {
    0x00403b20 bnez v0, 0x403b44             |             
    0x00403b24 lw t9, -0x7ee8(gp)            |             t9 = sym._MIPS_STUBS_;
    0x00403b28 move a0, s0                   |             a0 = s0;
    0x00403b2c move a1, s5                   |             a1 = s5;
    0x00403b30 jalr t9                       |             t9 ();
    0x00403b34 lw gp, 0x10(sp)               |             gp = *(var_10h);
    0x00403b38 addiu s6, s0, 1               |             s6 = s0 + 1;
    0x00403b3c move s0, s6                   |             s0 = s6;
    0x00403b40 addu v0, s3, s1               |             v0 = s3 + s1;
                                             |         }
    0x00403b44 lw t9, -0x7f4c(gp)            |         t9 = sym.imp.sprintf
    0x00403b48 lbu a2, (v0)                  |         a2 = *(v0);
    0x00403b4c move a0, s0                   |         a0 = s0;
    0x00403b50 move a1, s4                   |         a1 = s4;
    0x00403b54 jalr t9                       |         t9 ();
    0x00403b58 lw gp, 0x10(sp)               |         gp = *(var_10h);
    0x00403b5c addiu s0, s0, 2               |         s0 += 2;
    0x00403b60 addiu s1, s1, 1               |         s1++;
    0x00403b64 slt v0, s1, s2                |         v0 = (s1 < s2) ? 1 : 0;
    0x00403b68 andi v0, s1, 1                |         v0 = s1 & 1;
    0x00403b6c bnez v0, 0x403b1c             |         
                                             |     }
    0x00403b70 lw ra, 0x34(sp)               |     ra = *(var_34h);
                                             | label_1:
    0x00403b74 lw s6, 0x30(sp)               |     s6 = *(var_30h);
    0x00403b78 lw s5, 0x2c(sp)               |     s5 = *(var_2ch);
    0x00403b7c lw s4, 0x28(sp)               |     s4 = *(var_28h);
    0x00403b80 lw s3, 0x24(sp)               |     s3 = *(var_24h);
    0x00403b84 lw s2, 0x20(sp)               |     s2 = *(var_20h);
    0x00403b88 lw s1, 0x1c(sp)               |     s1 = *(var_1ch);
    0x00403b8c lw s0, 0x18(sp)               |     s0 = *(var_18h);
    0x00403b90 addiu sp, sp, 0x38            |     
    0x00403b94 jr ra                         |     return v0;
                                             | }

[*] Function sprintf used 6 times iwgetid