[*] Binary protection state of iwlist
No RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH Symbols
[*] Function sprintf tear down of iwlist
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwlist @ 0x4070bc */
| #include <stdint.h>
|
; (fcn) sym.iw_ether_ntop () | void iw_ether_ntop () {
0x004070bc lui gp, 2 |
0x004070c0 addiu gp, gp, -0x435c |
0x004070c4 addu gp, gp, t9 | gp += t9;
0x004070c8 addiu sp, sp, -0x30 |
0x004070cc sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x004070d0 sw gp, 0x20(sp) | *(var_20h) = gp;
0x004070d4 lbu v0, 2(a0) | v0 = *((a0 + 2));
0x004070d8 lbu a2, (a0) | a2 = *(a0);
0x004070dc lbu a3, 1(a0) | a3 = *((a0 + 1));
0x004070e0 sw v0, 0x10(sp) | *(var_10h) = v0;
0x004070e4 lbu v0, 3(a0) | v0 = *((a0 + 3));
0x004070e8 lw t9, -0x7f34(gp) | t9 = sym.imp.sprintf
0x004070ec sw v0, 0x14(sp) | *(var_14h) = v0;
0x004070f0 lbu v0, 4(a0) | v0 = *((a0 + 4));
0x004070f4 sw v0, 0x18(sp) | *(var_18h) = v0;
0x004070f8 lbu v0, 5(a0) | v0 = *((a0 + 5));
0x004070fc move a0, a1 | a0 = a1;
0x00407100 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x00407104 sw v0, 0x1c(sp) | *(var_1ch) = v0;
| /* str._02X:_02X:_02X:_02X:_02X:_02X */
0x00407108 addiu a1, a1, -0x5e74 | a1 += -0x5e74;
0x0040710c jalr t9 | t9 ();
0x00407110 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00407114 addiu sp, sp, 0x30 |
0x00407118 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwlist @ 0x406fe0 */
| #include <stdint.h>
|
; (fcn) sym.iw_mac_ntop () | void iw_mac_ntop () {
0x00406fe0 lui gp, 2 |
0x00406fe4 addiu gp, gp, -0x4280 |
0x00406fe8 addu gp, gp, t9 | gp += t9;
0x00406fec addiu v0, zero, 3 | v0 = 3;
0x00406ff0 mul v0, a1, v0 | __asm ("mul v0, a1, v0");
0x00406ff4 addiu sp, sp, -0x38 |
0x00406ff8 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00406ffc sw ra, 0x34(sp) | *(var_34h) = ra;
0x00407000 sw s5, 0x30(sp) | *(var_30h) = s5;
0x00407004 sw s4, 0x2c(sp) | *(var_2ch) = s4;
0x00407008 sw s3, 0x28(sp) | *(var_28h) = s3;
0x0040700c sw s2, 0x24(sp) | *(var_24h) = s2;
0x00407010 sw s1, 0x20(sp) | *(var_20h) = s1;
0x00407014 sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x00407018 slt a3, a3, v0 | a3 = (a3 < v0) ? 1 : 0;
0x0040701c move s4, a0 | s4 = a0;
| if (a3 != 0) {
0x00407020 bnez a3, 0x407090 | goto label_0;
| }
0x00407024 move s3, a1 | s3 = a1;
0x00407028 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x0040702c lw t9, -0x7f34(gp) | t9 = sym.imp.sprintf
0x00407030 move s0, a2 | s0 = a2;
0x00407034 move a0, a2 | a0 = a2;
0x00407038 lbu a2, (s4) | a2 = *(s4);
| /* str._02X */
0x0040703c addiu a1, a1, -0x7ddc | a1 += -0x7ddc;
0x00407040 addiu s2, s0, 2 | s2 = s0 + 2;
0x00407044 jalr t9 | t9 ();
0x00407048 lw gp, 0x10(sp) | gp = *(var_10h);
0x0040704c addiu s1, zero, 1 | s1 = 1;
0x00407050 lw s5, -0x7fd8(gp) | s5 = *((gp - 8182));
| /* esilref: ':&X' */
0x00407054 addiu s5, s5, -0x5e5c | s5 += -0x5e5c;
0x00407058 b 0x40707c |
| while (v0 != 0) {
0x0040705c lw t9, -0x7f34(gp) | t9 = sym.imp.sprintf
0x00407060 lbu a2, (v0) | a2 = *(v0);
0x00407064 move a0, s2 | a0 = s2;
0x00407068 move a1, s5 | a1 = s5;
0x0040706c jalr t9 | t9 ();
0x00407070 lw gp, 0x10(sp) | gp = *(var_10h);
0x00407074 addiu s1, s1, 1 | s1++;
0x00407078 addiu s2, s2, 3 | s2 += 3;
0x0040707c slt v0, s1, s3 | v0 = (s1 < s3) ? 1 : 0;
0x00407080 addu v0, s4, s1 | v0 = s4 + s1;
0x00407084 bnez v0, 0x40705c |
| }
0x00407088 lw ra, 0x34(sp) | ra = *(var_34h);
0x0040708c b 0x407098 | goto label_1;
| label_0:
0x00407090 move s0, zero | s0 = 0;
0x00407094 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x00407098 move v0, s0 | v0 = s0;
0x0040709c lw s5, 0x30(sp) | s5 = *(var_30h);
0x004070a0 lw s4, 0x2c(sp) | s4 = *(var_2ch);
0x004070a4 lw s3, 0x28(sp) | s3 = *(var_28h);
0x004070a8 lw s2, 0x24(sp) | s2 = *(var_24h);
0x004070ac lw s1, 0x20(sp) | s1 = *(var_20h);
0x004070b0 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x004070b4 addiu sp, sp, 0x38 |
0x004070b8 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwlist @ 0x406330 */
| #include <stdint.h>
|
; (fcn) sym.iw_print_key () | void iw_print_key () {
0x00406330 lui gp, 2 |
0x00406334 addiu gp, gp, -0x35d0 |
0x00406338 addu gp, gp, t9 | gp += t9;
0x0040633c addiu v1, zero, 3 | v1 = 3;
0x00406340 mul v1, a3, v1 | __asm ("mul v1, a3, v1");
0x00406344 addiu sp, sp, -0x38 |
0x00406348 sw gp, 0x10(sp) | *(var_10h) = gp;
0x0040634c sw ra, 0x34(sp) | *(var_34h) = ra;
0x00406350 sw s6, 0x30(sp) | *(var_30h) = s6;
0x00406354 sw s5, 0x2c(sp) | *(var_2ch) = s5;
0x00406358 sw s4, 0x28(sp) | *(var_28h) = s4;
0x0040635c sw s3, 0x24(sp) | *(var_24h) = s3;
0x00406360 sw s2, 0x20(sp) | *(var_20h) = s2;
0x00406364 sw s1, 0x1c(sp) | *(var_1ch) = s1;
0x00406368 sw s0, 0x18(sp) | *(var_18h) = s0;
0x0040636c slt v1, a1, v1 | v1 = (a1 < v1) ? 1 : 0;
0x00406370 lw v0, 0x48(sp) | v0 = *(arg_48h);
| if (v1 != 0) {
0x00406374 beqz v1, 0x4063ac |
0x00406378 lw a2, -0x7fd8(gp) | a2 = *((gp - 8182));
0x0040637c lw ra, 0x34(sp) | ra = *(var_34h);
0x00406380 lw s6, 0x30(sp) | s6 = *(var_30h);
0x00406384 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00406388 lw s4, 0x28(sp) | s4 = *(var_28h);
0x0040638c lw s3, 0x24(sp) | s3 = *(var_24h);
0x00406390 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00406394 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00406398 lw s0, 0x18(sp) | s0 = *(var_18h);
0x0040639c lw t9, -0x7eec(gp) | t9 = sym.imp.snprintf;
| /* str._too_big_ */
0x004063a0 addiu a2, a2, -0x6064 | a2 += -0x6064;
0x004063a4 addiu sp, sp, 0x38 |
0x004063a8 jr t9 | t9 ();
| }
0x004063ac andi v0, v0, 0x800 | v0 &= 0x800;
0x004063b0 move s0, a0 | s0 = a0;
0x004063b4 move s2, a3 | s2 = a3;
| if (v0 == 0) {
0x004063b8 beqz v0, 0x406468 | goto label_0;
| }
0x004063bc lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| if (a3 <= 0) {
0x004063c0 bgtz a3, 0x4063f4 |
0x004063c4 lw a1, -0x7fd8(gp) | a1 = *((gp - 8182));
0x004063c8 lw ra, 0x34(sp) | ra = *(var_34h);
0x004063cc lw s6, 0x30(sp) | s6 = *(var_30h);
0x004063d0 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x004063d4 lw s4, 0x28(sp) | s4 = *(var_28h);
0x004063d8 lw s3, 0x24(sp) | s3 = *(var_24h);
0x004063dc lw s2, 0x20(sp) | s2 = *(var_20h);
0x004063e0 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x004063e4 lw s0, 0x18(sp) | s0 = *(var_18h);
| /* esilref: 'on' */
0x004063e8 addiu a1, a1, -0x6c44 | a1 += -0x6c44;
0x004063ec addiu sp, sp, 0x38 |
0x004063f0 jr t9 | t9 ();
| }
0x004063f4 lw s3, -0x7fd8(gp) | s3 = *((gp - 8182));
0x004063f8 addiu s0, s0, 2 | s0 += 2;
0x004063fc addiu s1, zero, 1 | s1 = 1;
| /* esilref: '**' */
0x00406400 addiu a1, s3, -0x6058 | a1 = s3 + -0x6058;
0x00406404 jalr t9 | t9 ();
0x00406408 lw gp, 0x10(sp) | gp = *(var_10h);
| /* esilref: '**' */
0x0040640c addiu s3, s3, -0x6058 | s3 += -0x6058;
0x00406410 lw s4, -0x7fd8(gp) | s4 = *((gp - 8182));
0x00406414 addiu s4, s4, -0x6054 | s4 += -0x6054;
0x00406418 b 0x406458 |
| while (s1 != s2) {
0x0040641c lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| if (v0 == 0) {
0x00406420 bnez v0, 0x406440 |
0x00406424 move a0, s0 | a0 = s0;
0x00406428 move a1, s4 | a1 = s4;
0x0040642c jalr t9 | t9 ();
0x00406430 lw gp, 0x10(sp) | gp = *(var_10h);
0x00406434 addiu s5, s0, 1 | s5 = s0 + 1;
0x00406438 move s0, s5 | s0 = s5;
0x0040643c lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| }
0x00406440 move a0, s0 | a0 = s0;
0x00406444 move a1, s3 | a1 = s3;
0x00406448 jalr t9 | t9 ();
0x0040644c lw gp, 0x10(sp) | gp = *(var_10h);
0x00406450 addiu s0, s0, 2 | s0 += 2;
0x00406454 addiu s1, s1, 1 | s1++;
0x00406458 andi v0, s1, 1 | v0 = s1 & 1;
0x0040645c bne s1, s2, 0x40641c |
| }
0x00406460 lw ra, 0x34(sp) | ra = *(var_34h);
0x00406464 b 0x4064f4 | goto label_1;
| label_0:
0x00406468 lw s4, -0x7fd8(gp) | s4 = *((gp - 8182));
0x0040646c lw t9, -0x7f34(gp) | t9 = sym.imp.sprintf
0x00406470 move s3, a2 | s3 = a2;
0x00406474 lbu a2, (a2) | a2 = *(a2);
| /* str._.2X */
0x00406478 addiu a1, s4, -0x6050 | a1 = s4 + -0x6050;
0x0040647c addiu s0, s0, 2 | s0 += 2;
0x00406480 jalr t9 | t9 ();
0x00406484 lw gp, 0x10(sp) | gp = *(var_10h);
0x00406488 addiu s1, zero, 1 | s1 = 1;
| /* str._.2X */
0x0040648c addiu s4, s4, -0x6050 | s4 += -0x6050;
0x00406490 lw s5, -0x7fd8(gp) | s5 = *((gp - 8182));
0x00406494 addiu s5, s5, -0x6054 | s5 += -0x6054;
0x00406498 b 0x4064e4 |
| while (v0 != 0) {
0x0040649c addu v0, s3, s1 | v0 = s3 + s1;
| if (v0 == 0) {
0x004064a0 bnez v0, 0x4064c4 |
0x004064a4 lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
0x004064a8 move a0, s0 | a0 = s0;
0x004064ac move a1, s5 | a1 = s5;
0x004064b0 jalr t9 | t9 ();
0x004064b4 lw gp, 0x10(sp) | gp = *(var_10h);
0x004064b8 addiu s6, s0, 1 | s6 = s0 + 1;
0x004064bc move s0, s6 | s0 = s6;
0x004064c0 addu v0, s3, s1 | v0 = s3 + s1;
| }
0x004064c4 lw t9, -0x7f34(gp) | t9 = sym.imp.sprintf
0x004064c8 lbu a2, (v0) | a2 = *(v0);
0x004064cc move a0, s0 | a0 = s0;
0x004064d0 move a1, s4 | a1 = s4;
0x004064d4 jalr t9 | t9 ();
0x004064d8 lw gp, 0x10(sp) | gp = *(var_10h);
0x004064dc addiu s0, s0, 2 | s0 += 2;
0x004064e0 addiu s1, s1, 1 | s1++;
0x004064e4 slt v0, s1, s2 | v0 = (s1 < s2) ? 1 : 0;
0x004064e8 andi v0, s1, 1 | v0 = s1 & 1;
0x004064ec bnez v0, 0x40649c |
| }
0x004064f0 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x004064f4 lw s6, 0x30(sp) | s6 = *(var_30h);
0x004064f8 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x004064fc lw s4, 0x28(sp) | s4 = *(var_28h);
0x00406500 lw s3, 0x24(sp) | s3 = *(var_24h);
0x00406504 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00406508 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x0040650c lw s0, 0x18(sp) | s0 = *(var_18h);
0x00406510 addiu sp, sp, 0x38 |
0x00406514 jr ra | return v0;
| }
[*] Function sprintf used 6 times iwlist
