[*] Binary protection state of iwpriv
No RELRO No Canary found NX disabled No PIE No RPATH No RUNPATH Symbols
[*] Function sprintf tear down of iwpriv
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwpriv @ 0x404bcc */
| #include <stdint.h>
|
; (fcn) sym.iw_ether_ntop () | void iw_ether_ntop () {
0x00404bcc lui gp, 2 |
0x00404bd0 addiu gp, gp, -0x589c |
0x00404bd4 addu gp, gp, t9 | gp += t9;
0x00404bd8 addiu sp, sp, -0x30 |
0x00404bdc sw ra, 0x2c(sp) | *(var_2ch) = ra;
0x00404be0 sw gp, 0x20(sp) | *(var_20h) = gp;
0x00404be4 lbu v0, 2(a0) | v0 = *((a0 + 2));
0x00404be8 lbu a2, (a0) | a2 = *(a0);
0x00404bec lbu a3, 1(a0) | a3 = *((a0 + 1));
0x00404bf0 sw v0, 0x10(sp) | *(var_10h) = v0;
0x00404bf4 lbu v0, 3(a0) | v0 = *((a0 + 3));
0x00404bf8 lw t9, -0x7f3c(gp) | t9 = sym.imp.sprintf
0x00404bfc sw v0, 0x14(sp) | *(var_14h) = v0;
0x00404c00 lbu v0, 4(a0) | v0 = *((a0 + 4));
0x00404c04 sw v0, 0x18(sp) | *(var_18h) = v0;
0x00404c08 lbu v0, 5(a0) | v0 = *((a0 + 5));
0x00404c0c move a0, a1 | a0 = a1;
0x00404c10 lw a1, -0x7fdc(gp) | a1 = *(gp);
0x00404c14 sw v0, 0x1c(sp) | *(var_1ch) = v0;
| /* str._02X:_02X:_02X:_02X:_02X:_02X */
0x00404c18 addiu a1, a1, 0x67f4 | a1 += 0x67f4;
0x00404c1c jalr t9 | t9 ();
0x00404c20 lw ra, 0x2c(sp) | ra = *(var_2ch);
0x00404c24 addiu sp, sp, 0x30 |
0x00404c28 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwpriv @ 0x404af0 */
| #include <stdint.h>
|
; (fcn) sym.iw_mac_ntop () | void iw_mac_ntop () {
0x00404af0 lui gp, 2 |
0x00404af4 addiu gp, gp, -0x57c0 |
0x00404af8 addu gp, gp, t9 | gp += t9;
0x00404afc addiu v0, zero, 3 | v0 = 3;
0x00404b00 mul v0, a1, v0 | __asm ("mul v0, a1, v0");
0x00404b04 addiu sp, sp, -0x38 |
0x00404b08 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00404b0c sw ra, 0x34(sp) | *(var_34h) = ra;
0x00404b10 sw s5, 0x30(sp) | *(var_30h) = s5;
0x00404b14 sw s4, 0x2c(sp) | *(var_2ch) = s4;
0x00404b18 sw s3, 0x28(sp) | *(var_28h) = s3;
0x00404b1c sw s2, 0x24(sp) | *(var_24h) = s2;
0x00404b20 sw s1, 0x20(sp) | *(var_20h) = s1;
0x00404b24 sw s0, 0x1c(sp) | *(var_1ch) = s0;
0x00404b28 slt a3, a3, v0 | a3 = (a3 < v0) ? 1 : 0;
0x00404b2c move s4, a0 | s4 = a0;
| if (a3 != 0) {
0x00404b30 bnez a3, 0x404ba0 | goto label_0;
| }
0x00404b34 move s3, a1 | s3 = a1;
0x00404b38 lw a1, -0x7fdc(gp) | a1 = *(gp);
0x00404b3c lw t9, -0x7f3c(gp) | t9 = sym.imp.sprintf
0x00404b40 move s0, a2 | s0 = a2;
0x00404b44 move a0, a2 | a0 = a2;
0x00404b48 lbu a2, (s4) | a2 = *(s4);
| /* str._02X */
0x00404b4c addiu a1, a1, 0x67ec | a1 += 0x67ec;
0x00404b50 addiu s2, s0, 2 | s2 = s0 + 2;
0x00404b54 jalr t9 | t9 ();
0x00404b58 lw gp, 0x10(sp) | gp = *(var_10h);
0x00404b5c addiu s1, zero, 1 | s1 = 1;
0x00404b60 lw s5, -0x7fdc(gp) | s5 = *(gp);
| /* esilref: ':&X' */
0x00404b64 addiu s5, s5, 0x680c | s5 += 0x680c;
0x00404b68 b 0x404b8c |
| while (v0 != 0) {
0x00404b6c lw t9, -0x7f3c(gp) | t9 = sym.imp.sprintf
0x00404b70 lbu a2, (v0) | a2 = *(v0);
0x00404b74 move a0, s2 | a0 = s2;
0x00404b78 move a1, s5 | a1 = s5;
0x00404b7c jalr t9 | t9 ();
0x00404b80 lw gp, 0x10(sp) | gp = *(var_10h);
0x00404b84 addiu s1, s1, 1 | s1++;
0x00404b88 addiu s2, s2, 3 | s2 += 3;
0x00404b8c slt v0, s1, s3 | v0 = (s1 < s3) ? 1 : 0;
0x00404b90 addu v0, s4, s1 | v0 = s4 + s1;
0x00404b94 bnez v0, 0x404b6c |
| }
0x00404b98 lw ra, 0x34(sp) | ra = *(var_34h);
0x00404b9c b 0x404ba8 | goto label_1;
| label_0:
0x00404ba0 move s0, zero | s0 = 0;
0x00404ba4 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x00404ba8 move v0, s0 | v0 = s0;
0x00404bac lw s5, 0x30(sp) | s5 = *(var_30h);
0x00404bb0 lw s4, 0x2c(sp) | s4 = *(var_2ch);
0x00404bb4 lw s3, 0x28(sp) | s3 = *(var_28h);
0x00404bb8 lw s2, 0x24(sp) | s2 = *(var_24h);
0x00404bbc lw s1, 0x20(sp) | s1 = *(var_20h);
0x00404bc0 lw s0, 0x1c(sp) | s0 = *(var_1ch);
0x00404bc4 addiu sp, sp, 0x38 |
0x00404bc8 jr ra | return v0;
| }
; assembly | /* r2dec pseudo code output */
| /* /logs/firmware/unblob_extracted/firmware_extract/6225984-11075644.jffs2_new_extract/bin/iwpriv @ 0x403e40 */
| #include <stdint.h>
|
; (fcn) sym.iw_print_key () | void iw_print_key () {
0x00403e40 lui gp, 2 |
0x00403e44 addiu gp, gp, -0x4b10 |
0x00403e48 addu gp, gp, t9 | gp += t9;
0x00403e4c addiu v1, zero, 3 | v1 = 3;
0x00403e50 mul v1, a3, v1 | __asm ("mul v1, a3, v1");
0x00403e54 addiu sp, sp, -0x38 |
0x00403e58 sw gp, 0x10(sp) | *(var_10h) = gp;
0x00403e5c sw ra, 0x34(sp) | *(var_34h) = ra;
0x00403e60 sw s6, 0x30(sp) | *(var_30h) = s6;
0x00403e64 sw s5, 0x2c(sp) | *(var_2ch) = s5;
0x00403e68 sw s4, 0x28(sp) | *(var_28h) = s4;
0x00403e6c sw s3, 0x24(sp) | *(var_24h) = s3;
0x00403e70 sw s2, 0x20(sp) | *(var_20h) = s2;
0x00403e74 sw s1, 0x1c(sp) | *(var_1ch) = s1;
0x00403e78 sw s0, 0x18(sp) | *(var_18h) = s0;
0x00403e7c slt v1, a1, v1 | v1 = (a1 < v1) ? 1 : 0;
0x00403e80 lw v0, 0x48(sp) | v0 = *(arg_48h);
| if (v1 != 0) {
0x00403e84 beqz v1, 0x403ebc |
0x00403e88 lw a2, -0x7fdc(gp) | a2 = *(gp);
0x00403e8c lw ra, 0x34(sp) | ra = *(var_34h);
0x00403e90 lw s6, 0x30(sp) | s6 = *(var_30h);
0x00403e94 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00403e98 lw s4, 0x28(sp) | s4 = *(var_28h);
0x00403e9c lw s3, 0x24(sp) | s3 = *(var_24h);
0x00403ea0 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00403ea4 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00403ea8 lw s0, 0x18(sp) | s0 = *(var_18h);
0x00403eac lw t9, -0x7eec(gp) | t9 = sym.imp.snprintf;
| /* str._too_big_ */
0x00403eb0 addiu a2, a2, 0x65f4 | a2 += 0x65f4;
0x00403eb4 addiu sp, sp, 0x38 |
0x00403eb8 jr t9 | t9 ();
| }
0x00403ebc andi v0, v0, 0x800 | v0 &= 0x800;
0x00403ec0 move s0, a0 | s0 = a0;
0x00403ec4 move s2, a3 | s2 = a3;
| if (v0 == 0) {
0x00403ec8 beqz v0, 0x403f78 | goto label_0;
| }
0x00403ecc lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| if (a3 <= 0) {
0x00403ed0 bgtz a3, 0x403f04 |
0x00403ed4 lw a1, -0x7fdc(gp) | a1 = *(gp);
0x00403ed8 lw ra, 0x34(sp) | ra = *(var_34h);
0x00403edc lw s6, 0x30(sp) | s6 = *(var_30h);
0x00403ee0 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x00403ee4 lw s4, 0x28(sp) | s4 = *(var_28h);
0x00403ee8 lw s3, 0x24(sp) | s3 = *(var_24h);
0x00403eec lw s2, 0x20(sp) | s2 = *(var_20h);
0x00403ef0 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x00403ef4 lw s0, 0x18(sp) | s0 = *(var_18h);
| /* esilref: 'on' */
0x00403ef8 addiu a1, a1, 0x6600 | a1 += 0x6600;
0x00403efc addiu sp, sp, 0x38 |
0x00403f00 jr t9 | t9 ();
| }
0x00403f04 lw s3, -0x7fdc(gp) | s3 = *(gp);
0x00403f08 addiu s0, s0, 2 | s0 += 2;
0x00403f0c addiu s1, zero, 1 | s1 = 1;
| /* esilref: '**' */
0x00403f10 addiu a1, s3, 0x6604 | a1 = s3 + 0x6604;
0x00403f14 jalr t9 | t9 ();
0x00403f18 lw gp, 0x10(sp) | gp = *(var_10h);
| /* esilref: '**' */
0x00403f1c addiu s3, s3, 0x6604 | s3 += 0x6604;
0x00403f20 lw s4, -0x7fdc(gp) | s4 = *(gp);
0x00403f24 addiu s4, s4, 0x6608 | s4 += 0x6608;
0x00403f28 b 0x403f68 |
| while (s1 != s2) {
0x00403f2c lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| if (v0 == 0) {
0x00403f30 bnez v0, 0x403f50 |
0x00403f34 move a0, s0 | a0 = s0;
0x00403f38 move a1, s4 | a1 = s4;
0x00403f3c jalr t9 | t9 ();
0x00403f40 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403f44 addiu s5, s0, 1 | s5 = s0 + 1;
0x00403f48 move s0, s5 | s0 = s5;
0x00403f4c lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
| }
0x00403f50 move a0, s0 | a0 = s0;
0x00403f54 move a1, s3 | a1 = s3;
0x00403f58 jalr t9 | t9 ();
0x00403f5c lw gp, 0x10(sp) | gp = *(var_10h);
0x00403f60 addiu s0, s0, 2 | s0 += 2;
0x00403f64 addiu s1, s1, 1 | s1++;
0x00403f68 andi v0, s1, 1 | v0 = s1 & 1;
0x00403f6c bne s1, s2, 0x403f2c |
| }
0x00403f70 lw ra, 0x34(sp) | ra = *(var_34h);
0x00403f74 b 0x404004 | goto label_1;
| label_0:
0x00403f78 lw s4, -0x7fdc(gp) | s4 = *(gp);
0x00403f7c lw t9, -0x7f3c(gp) | t9 = sym.imp.sprintf
0x00403f80 move s3, a2 | s3 = a2;
0x00403f84 lbu a2, (a2) | a2 = *(a2);
| /* str._.2X */
0x00403f88 addiu a1, s4, 0x660c | a1 = s4 + 0x660c;
0x00403f8c addiu s0, s0, 2 | s0 += 2;
0x00403f90 jalr t9 | t9 ();
0x00403f94 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403f98 addiu s1, zero, 1 | s1 = 1;
| /* str._.2X */
0x00403f9c addiu s4, s4, 0x660c | s4 += 0x660c;
0x00403fa0 lw s5, -0x7fdc(gp) | s5 = *(gp);
0x00403fa4 addiu s5, s5, 0x6608 | s5 += 0x6608;
0x00403fa8 b 0x403ff4 |
| while (v0 != 0) {
0x00403fac addu v0, s3, s1 | v0 = s3 + s1;
| if (v0 == 0) {
0x00403fb0 bnez v0, 0x403fd4 |
0x00403fb4 lw t9, -0x7ee8(gp) | t9 = sym._MIPS_STUBS_;
0x00403fb8 move a0, s0 | a0 = s0;
0x00403fbc move a1, s5 | a1 = s5;
0x00403fc0 jalr t9 | t9 ();
0x00403fc4 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403fc8 addiu s6, s0, 1 | s6 = s0 + 1;
0x00403fcc move s0, s6 | s0 = s6;
0x00403fd0 addu v0, s3, s1 | v0 = s3 + s1;
| }
0x00403fd4 lw t9, -0x7f3c(gp) | t9 = sym.imp.sprintf
0x00403fd8 lbu a2, (v0) | a2 = *(v0);
0x00403fdc move a0, s0 | a0 = s0;
0x00403fe0 move a1, s4 | a1 = s4;
0x00403fe4 jalr t9 | t9 ();
0x00403fe8 lw gp, 0x10(sp) | gp = *(var_10h);
0x00403fec addiu s0, s0, 2 | s0 += 2;
0x00403ff0 addiu s1, s1, 1 | s1++;
0x00403ff4 slt v0, s1, s2 | v0 = (s1 < s2) ? 1 : 0;
0x00403ff8 andi v0, s1, 1 | v0 = s1 & 1;
0x00403ffc bnez v0, 0x403fac |
| }
0x00404000 lw ra, 0x34(sp) | ra = *(var_34h);
| label_1:
0x00404004 lw s6, 0x30(sp) | s6 = *(var_30h);
0x00404008 lw s5, 0x2c(sp) | s5 = *(var_2ch);
0x0040400c lw s4, 0x28(sp) | s4 = *(var_28h);
0x00404010 lw s3, 0x24(sp) | s3 = *(var_24h);
0x00404014 lw s2, 0x20(sp) | s2 = *(var_20h);
0x00404018 lw s1, 0x1c(sp) | s1 = *(var_1ch);
0x0040401c lw s0, 0x18(sp) | s0 = *(var_18h);
0x00404020 addiu sp, sp, 0x38 |
0x00404024 jr ra | return v0;
| }
[*] Function sprintf used 6 times iwpriv
