diff --git a/disassemblies/usr/bin/webmgnt/mbox-config/cgi_system-status_GET_wireless_config.c b/disassemblies/usr/bin/webmgnt/mbox-config/cgi_system-status_GET_wireless_config.c new file mode 100644 index 0000000..f80c388 --- /dev/null +++ b/disassemblies/usr/bin/webmgnt/mbox-config/cgi_system-status_GET_wireless_config.c @@ -0,0 +1,320 @@ + +int cgi_system_status_GET_wireless_config + (undefined4 param_1,undefined4 param_2,undefined4 param_3,undefined4 param_4) + +{ + undefined3 extraout_var; + bool bVar4; + char *pcVar1; + int iVar2; + int *piVar3; + undefined4 uVar5; + undefined *puVar6; + undefined1 *puVar7; + char local_c0 [64]; + char local_80 [64]; + char local_40 [16]; + int *local_30; + char *local_2c; + char *local_28; + char *local_24; + undefined4 local_20; + int local_1c; + undefined4 local_18; + undefined4 local_14; + + local_2c = local_c0; + uVar5 = 0; + memset(local_2c,0,0x40); + local_40[0] = '\0'; + local_40[1] = '\0'; + local_40[2] = '\0'; + local_40[3] = '\0'; + local_40[4] = '\0'; + local_40[5] = '\0'; + local_40[6] = '\0'; + local_40[7] = '\0'; + local_40[8] = '\0'; + local_40[9] = '\0'; + local_40[10] = '\0'; + local_40[0xb] = '\0'; + local_40[0xc] = '\0'; + local_40[0xd] = '\0'; + local_40[0xe] = '\0'; + local_40[0xf] = '\0'; + local_80[0] = '\0'; + local_80[1] = '\0'; + local_80[2] = '\0'; + local_80[3] = '\0'; + local_80[4] = '\0'; + local_80[5] = '\0'; + local_80[6] = '\0'; + local_80[7] = '\0'; + local_80[8] = '\0'; + local_80[9] = '\0'; + local_80[10] = '\0'; + local_80[0xb] = '\0'; + local_80[0xc] = '\0'; + local_80[0xd] = '\0'; + local_80[0xe] = '\0'; + local_80[0xf] = '\0'; + bVar4 = file_exists("/tmp/sysinfo/no_ht80_with_11a",uVar5,&_mips_gp0_value,param_4); + if (CONCAT31(extraout_var,bVar4) != 0) { + file_first_line(local_c0,0x40,"/tmp/sysinfo/no_ht80_with_11a"); + } + puVar7 = &_mips_gp0_value; + local_1c = atoi(local_c0); + local_18 = FUN_004125a0(param_2,"radios",puVar7,param_4); + local_30 = (int *)0x0; + do { + pcVar1 = get_uci_value(0x14,local_30,0); + strcpy(local_c0,pcVar1); + local_28 = local_80; + if (local_c0[0] == '\0') break; + local_14 = FUN_004125c4(param_2,0,&_mips_gp0_value,param_4); + pcVar1 = get_uci_value(0x14,local_30,0xc); + blobmsg_add_string_3(param_2,s_disabled_00474c34,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,8); + blobmsg_add_string_3(param_2,s_shortgi_00474a24,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,5); + strcpy(local_c0,pcVar1); + if (local_c0[0] == '\0') { + strcpy(local_c0,"2346"); + } + blobmsg_add_string_3(param_2,&DAT_00474898,local_c0); + pcVar1 = get_uci_value(0x14,local_30,6); + strcpy(local_c0,pcVar1); + if (local_c0[0] == '\0') { + strcpy(local_c0,"2347"); + } + puVar6 = &DAT_0047491c; + blobmsg_add_string_3(param_2,&DAT_0047491c,local_c0); + uVar5 = get_radio_txpower_level((int)local_30,puVar6,&_mips_gp0_value,param_4); + local_20 = 0x412629; + FUN_00412628(param_2,s_txpower_level_00474cb7 + 1,uVar5); + pcVar1 = get_uci_value(0x14,local_30,7); + blobmsg_add_string_3(param_2,s_txpower_004749a0,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,2); + blobmsg_add_string_3(param_2,s_channel_0047470c,pcVar1); + local_24 = local_40; + local_40[0] = '\0'; + local_40[1] = '\0'; + local_40[2] = '\0'; + local_40[3] = '\0'; + local_40[4] = '\0'; + local_40[5] = '\0'; + local_40[6] = '\0'; + local_40[7] = '\0'; + local_40[8] = '\0'; + local_40[9] = '\0'; + local_40[10] = '\0'; + local_40[0xb] = '\0'; + local_40[0xc] = '\0'; + local_40[0xd] = '\0'; + local_40[0xe] = '\0'; + local_40[0xf] = '\0'; + local_80[0] = '\0'; + local_80[1] = '\0'; + local_80[2] = '\0'; + local_80[3] = '\0'; + local_80[4] = '\0'; + local_80[5] = '\0'; + local_80[6] = '\0'; + local_80[7] = '\0'; + local_80[8] = '\0'; + local_80[9] = '\0'; + local_80[10] = '\0'; + local_80[0xb] = '\0'; + local_80[0xc] = '\0'; + local_80[0xd] = '\0'; + local_80[0xe] = '\0'; + local_80[0xf] = '\0'; + pcVar1 = get_uci_value(0x14,local_30,3); + strcpy(local_24,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,9); + strcpy(local_80,pcVar1); + pcVar1 = strchr(local_24,0x61); + if (pcVar1 == (char *)0x0) { + pcVar1 = local_80; + } + else { + pcVar1 = strstr(local_80,"20"); + if (pcVar1 == (char *)0x0) { + pcVar1 = strstr(local_80,"40"); + if (pcVar1 == (char *)0x0) { + pcVar1 = "VHT80"; + } + else { + pcVar1 = "HT40"; + } + } + else { + pcVar1 = "HT20"; + } + } + blobmsg_add_string_3(param_2,s_htmode_00474aa7 + 1,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,3); + blobmsg_add_string_3(param_2,s_hwmode_00474790,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,1); + blobmsg_add_string_3(param_2,&DAT_00474688,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,4); + blobmsg_add_string_3(param_2,s_country_00474814,pcVar1); + pcVar1 = get_uci_value(0x14,local_30,0x10); + blobmsg_add_string_3(param_2,s_distance_00474e44,pcVar1); + FUN_00412628(param_2,"no_ht80_with_11a",local_1c); + blob_nest_end(param_2,local_14,&_mips_gp0_value); + local_30 = (int *)((int)local_30 + 1); + } while (local_30 != (int *)0x2); + blob_nest_end(param_2,local_18,&_mips_gp0_value); + memset(local_c0,0,0x40); + local_80[0] = 'l'; + local_80[1] = 'a'; + local_80[2] = 'n'; + local_80[3] = '\0'; + local_80[4] = '\0'; + local_80[5] = '\0'; + local_80[6] = '\0'; + local_80[7] = '\0'; + local_80[8] = '\0'; + local_80[9] = '\0'; + local_80[10] = '\0'; + local_80[0xb] = '\0'; + local_80[0xc] = '\0'; + local_80[0xd] = '\0'; + local_80[0xe] = '\0'; + local_80[0xf] = '\0'; + local_80[0x10] = '\0'; + local_80[0x11] = '\0'; + local_80[0x12] = '\0'; + local_80[0x13] = '\0'; + local_80[0x14] = '\0'; + local_80[0x15] = '\0'; + local_80[0x16] = '\0'; + local_80[0x17] = '\0'; + local_80[0x18] = '\0'; + local_80[0x19] = '\0'; + local_80[0x1a] = '\0'; + local_80[0x1b] = '\0'; + local_80[0x1c] = '\0'; + local_80[0x1d] = '\0'; + local_80[0x1e] = '\0'; + local_80[0x1f] = '\0'; + local_24 = (char *)FUN_004125a0(param_2,"wifis",&_mips_gp0_value,param_4); + local_30 = (int *)0x0; + do { + pcVar1 = get_uci_value(0x15,local_30,0); + strcpy(local_c0,pcVar1); + if (local_c0[0] == '\0') break; + pcVar1 = get_uci_value(0x15,local_30,4); + strcpy(local_c0,pcVar1); + iVar2 = strcmp(local_c0,"vif-sta0"); + if (iVar2 == 0) break; + local_20 = FUN_004125c4(param_2,0,&_mips_gp0_value,param_4); + pcVar1 = get_uci_value(0x15,local_30,0x13); + blobmsg_add_string_3(param_2,s_macaddr_00473d40,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,1); + blobmsg_add_string_3(param_2,s_device_004733f8,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0x10); + blobmsg_add_string_3(param_2,s_disabled_00473bb4,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0xd); + blobmsg_add_string_3(param_2,s_hidden_00473a27 + 1,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0xe); + blobmsg_add_string_3(param_2,&DAT_00473aac,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0x11); + blobmsg_add_string_3(param_2,s_isolate_00473c38,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0x12); + blobmsg_add_string_3(param_2,s_maxassoc_00473cbc,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0xf); + blobmsg_add_string_3(param_2,&DAT_00473b30,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,4); + blobmsg_add_string_3(param_2,s_ifname_00473584,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,3); + blobmsg_add_string_3(param_2,&DAT_00473500,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,5); + blobmsg_add_string_3(param_2,s_ssid_00473608,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,6); + blobmsg_add_string_3(param_2,s_mesh_id_0047368c,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,7); + blobmsg_add_string_3(param_2,s_encryption_00473710,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,8); + blobmsg_add_string_3(param_2,s_key_00473794,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,9); + blobmsg_add_string_3(param_2,&DAT_00473818,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,10); + blobmsg_add_string_3(param_2,&DAT_0047389c,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0xb); + blobmsg_add_string_3(param_2,&DAT_00473920,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0xc); + blobmsg_add_string_3(param_2,&DAT_004739a4,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,2); + strcpy(local_80,pcVar1); + blobmsg_add_string_3(param_2,s_network_0047347c,local_80); + pcVar1 = get_uci_value(0x15,local_30,0x17); + blobmsg_add_string_3(param_2,s_wpa_group_rekey_00473f50,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0x18); + blobmsg_add_string_3(param_2,s_wpa_pair_rekey_00473fd4,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0x19); + blobmsg_add_string_3(param_2,s_wpa_master_rekey_00474058,pcVar1); + pcVar1 = get_uci_value(0x15,local_30,0x1a); + blobmsg_add_string_3(param_2,s_disassoc_low_ack_004740dc,pcVar1); + blob_nest_end(param_2,local_20,&_mips_gp0_value); + local_30 = (int *)((int)local_30 + 1); + } while (local_30 != (int *)0x10); + blob_nest_end(param_2,local_24,&_mips_gp0_value); + local_40[0] = '\0'; + local_40[1] = '\0'; + local_40[2] = '\0'; + local_40[3] = '\0'; + local_40[4] = '\0'; + local_40[5] = '\0'; + local_40[6] = '\0'; + local_40[7] = '\0'; + local_40[8] = '\0'; + local_40[9] = '\0'; + local_40[10] = '\0'; + local_40[0xb] = '\0'; + local_40[0xc] = '\0'; + local_40[0xd] = '\0'; + local_40[0xe] = '\0'; + local_40[0xf] = '\0'; + memset(local_80,0,0x40); + memset(local_c0,0,0x40); + iVar2 = access("/etc/config/vlan",0); + if (iVar2 == 0) { + local_24 = (char *)FUN_004125a0(param_2,"vlan",&_mips_gp0_value,param_4); + local_c0[0] = '\0'; + strcpy(local_c0,"lan"); + piVar3 = (int *)0x1; + do { + pcVar1 = get_uci_value(0x1b,piVar3,0); + local_30 = (int *)((int)piVar3 + 1); + if ((*pcVar1 != '\0') && (pcVar1 = get_uci_value(0x1b,piVar3,2), *pcVar1 != '\0')) { + strcat(local_c0," "); + sprintf(local_40,"lan%d",local_30); + strcat(local_c0,local_40); + } + piVar3 = local_30; + } while (local_30 != (int *)0x5); + pcVar1 = get_uci_value(0x43,0,1); + strcpy(local_80,pcVar1); + if ((local_80[0] != '\0') && (piVar3 = set_charlist_to_intlist(local_80), *piVar3 != 0)) { + local_30 = piVar3; + for (local_28 = (char *)0x1; local_30 = local_30 + 1, (int)local_28 <= *piVar3; + local_28 = local_28 + 1) { + pcVar1 = get_uci_value(0x47,*local_30,0); + if ((*pcVar1 != '\0') && (pcVar1 = get_uci_value(0x44,*local_30,0), *pcVar1 != '\0')) { + strcat(local_c0," "); + pcVar1 = get_uci_value(0x47,*local_30,4); + strcat(local_c0,pcVar1); + } + } + } + uVar5 = FUN_004125c4(param_2,0,&_mips_gp0_value,param_4); + blobmsg_add_string_3(param_2,s_interface_004688c8,local_c0); + blob_nest_end(param_2,uVar5,&_mips_gp0_value); + blob_nest_end(param_2,local_24,&_mips_gp0_value); + } + wireless_distance_auth_get(param_1,param_2,&_mips_gp0_value,param_4); + return 0; +} + diff --git a/disassemblies/usr/bin/webmgnt/mbox-config/mbox_get_systemlog.c b/disassemblies/usr/bin/webmgnt/mbox-config/mbox_get_systemlog.c new file mode 100644 index 0000000..10576d3 --- /dev/null +++ b/disassemblies/usr/bin/webmgnt/mbox-config/mbox_get_systemlog.c @@ -0,0 +1,31 @@ + +int mbox_get_systemlog(undefined4 param_1,undefined4 param_2) + +{ + size_t sVar1; + char acStack_7821 [30721]; + char *local_20; + FILE *local_1c; + int local_18; + undefined4 local_14; + + local_20 = acStack_7821 + 1; + memset(local_20,0,0x7800); + local_14 = blobmsg_open_nested(param_2,"systemlog",0); + system("logread > /tmp/systemlog"); + local_1c = fopen("/tmp/systemlog","r"); + local_18 = 8; + if (local_1c != (FILE *)0x0) { + fread(acStack_7821 + 1,0x7800,1,local_1c); + sVar1 = strlen(acStack_7821 + 1); + acStack_7821[sVar1] = '\0'; + FUN_0043f86c(param_2,"systemlog",acStack_7821 + 1); + local_18 = 0; + } + blob_nest_end(param_2,local_14,&_mips_gp0_value); + if (local_1c != (FILE *)0x0) { + fclose(local_1c); + } + return local_18; +} + diff --git a/disassemblies/usr/bin/webmgnt/mbox-config/mbox_get_wifi_scan.c b/disassemblies/usr/bin/webmgnt/mbox-config/mbox_get_wifi_scan.c new file mode 100644 index 0000000..e7956f8 --- /dev/null +++ b/disassemblies/usr/bin/webmgnt/mbox-config/mbox_get_wifi_scan.c @@ -0,0 +1,146 @@ + +/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ + +int mbox_get_wifi_scan(int *param_1,undefined4 param_2) + +{ + byte bVar1; + byte bVar2; + code *string; + char *pcVar3; + undefined *puVar4; + char *pcVar5; + int iVar6; + byte *pbVar7; + uint uVar8; + undefined1 auStack_6040 [3]; + byte abStack_603d [45]; + undefined1 local_6010 [3]; + byte local_600d [24525]; + char *local_40; + undefined4 local_3c; + char *local_38; + int local_34; + code *local_30; + char *local_2c; + byte *local_28; + undefined1 *local_24; + undefined4 local_20; + undefined4 local_1c; + + local_40 = "ifname"; + local_3c = 3; + local_24 = auStack_6040; + memset(local_24,0,0x6000); + iVar6 = *param_1; + blobmsg_parse(&local_40,1,&local_38,iVar6 + 4, + ((uint)*(byte *)(iVar6 + 3) | + (uint)*(byte *)(iVar6 + 2) << 8 | (uint)*(byte *)(iVar6 + 1) << 0x10) - 4); + local_30 = (code *)0x8; + if (local_38 != (char *)0x0) { + pcVar3 = FUN_004123bc(local_38); + local_28 = (byte *)iwinfo_backend(pcVar3); + local_30 = (code *)0x6; + if (local_28 != (byte *)0x0) { + pcVar3 = FUN_004123bc(local_38); + iVar6 = (**(code **)(local_28 + 0x60))(pcVar3,auStack_6040,&local_34); + local_30 = (code *)0x7; + if (iVar6 == 0) { + pcVar3 = "wireless_scan_info"; + fprintf(_stderr,"[%s,%s,%d]: Scanning result length: %d","wireless.c","wireless_scan_info", + 0x75f,local_34); + fputc(10,_stderr); + iVar6 = local_34; + syslog(6,"Scanning result length: %d"); + local_20 = FUN_004125a0(param_2,"scanResult",iVar6,pcVar3); + local_28 = abStack_603d + 3; + for (pbVar7 = local_600d; local_30 = (code *)local_6010, + (int)(pbVar7 + (-3 - (int)local_30)) < local_34; pbVar7 = pbVar7 + 0x38) { + local_1c = FUN_004125c4(param_2,0,&_mips_gp0_value,pcVar3); + iVar6 = -(int)local_30; + local_30 = (code *)&DAT_0047e308; + if (pbVar7[(int)(abStack_603d + iVar6)] == 0) { + strcpy(&DAT_0047e308,"unknown"); + } + else { + snprintf(&DAT_0047e308,0x23,"%s",local_28); + } + string = local_30; + local_30 = blobmsg_add_string_3; + blobmsg_add_string_3(param_2,"ssid",(char *)string); + puVar4 = format_bssid(local_28 + -6); + (*local_30)(param_2,"address",puVar4); + (*local_30)(param_2,"mode", + *(undefined4 *)(&IWINFO_OPMODE_NAMES + *(int *)(local_28 + 0x22) * 4)); + local_2c = &DAT_0047e300; + pcVar3 = (char *)(uint)local_28[0x26]; + snprintf(&DAT_0047e300,8,"%d"); + (*local_30)(param_2,"channel",local_2c); + uVar8 = (uint)local_28[0x28] * 100; + if (local_28[0x29] == 0) { + trap(7); + } + else { + uVar8 = uVar8 / local_28[0x29]; + } + FUN_00412628(param_2,"quality",uVar8); + local_30 = (code *)&DAT_0047e100; + if (pbVar7[-3] == 0) { +LAB_00415790: + strcpy(&DAT_0047e100,"none"); + } + else { + bVar1 = pbVar7[2]; + bVar2 = pbVar7[-2]; + if ((bVar1 == 0) || (bVar2 != 0)) { + if (bVar2 == 0) goto LAB_00415790; + if (bVar2 == 2) { + local_2c = FUN_004123d8((uint)pbVar7[1]); + puVar4 = FUN_0041246c((uint)(*pbVar7 | pbVar7[-1])); + pcVar5 = "WPA2 %s (%s)"; + } + else if (bVar2 == 3) { + local_2c = FUN_004123d8((uint)pbVar7[1]); + puVar4 = FUN_0041246c((uint)(*pbVar7 | pbVar7[-1])); + pcVar5 = "mixed WPA/WPA2 %s (%s)"; + } + else { + if (bVar2 != 1) goto LAB_004157a8; + local_2c = FUN_004123d8((uint)pbVar7[1]); + puVar4 = FUN_0041246c((uint)(*pbVar7 | pbVar7[-1])); + pcVar5 = "WPA %s (%s)"; + } + pcVar3 = local_2c; + snprintf((char *)local_30,0x200,pcVar5,local_2c,puVar4); + } + else { + if ((bVar1 & 3) == 3) { + pcVar3 = FUN_0041246c((uint)*pbVar7); + pcVar5 = "WEP Open/Shared (%s)"; + } + else if ((bVar1 & 1) == 0) { + if ((bVar1 & 2) == 0) goto LAB_004157a8; + pcVar3 = FUN_0041246c((uint)*pbVar7); + pcVar5 = "WEP Shared Auth (%s)"; + } + else { + pcVar3 = FUN_0041246c((uint)*pbVar7); + pcVar5 = "WEP Open System (%s)"; + } + snprintf((char *)local_30,0x200,pcVar5); + } + } +LAB_004157a8: + blobmsg_add_string_3(param_2,"encryption",(char *)local_30); + blob_nest_end(param_2,local_1c,&_mips_gp0_value); + local_28 = local_28 + 0x38; + } + blob_nest_end(param_2,local_20); + local_30 = (code *)0x0; + } + iwinfo_finish(); + } + } + return (int)local_30; +} + diff --git a/disassemblies/usr/bin/webmgnt/mbox-config/mbox_set_motorhome_config_set.c b/disassemblies/usr/bin/webmgnt/mbox-config/mbox_set_motorhome_config_set.c new file mode 100644 index 0000000..ac28c74 --- /dev/null +++ b/disassemblies/usr/bin/webmgnt/mbox-config/mbox_set_motorhome_config_set.c @@ -0,0 +1,132 @@ + +int mbox_set_motorhome_config_set(int *param_1) + +{ + code *pcVar1; + char *pcVar2; + char *pcVar3; + undefined1 *puVar4; + int iVar5; + char acStack_130 [64]; + char acStack_f0 [8]; + char acStack_e8 [64]; + char acStack_a8 [32]; + char acStack_88 [24]; + undefined1 auStack_70 [40]; + int local_48; + int local_44; + code *local_40; + code *local_3c; + undefined1 *local_38; + undefined4 local_34; + undefined4 local_30; + char *local_2c; + undefined4 local_28; + char *local_24; + code *local_20; + undefined1 *local_1c; + char *local_18; + FILE *local_14; + + local_1c = auStack_70; + local_2c = "motorhome"; + local_28 = 2; + local_18 = acStack_130; + memcpy(local_1c,&motorhom_config_set_policy,0x28); + iVar5 = *param_1; + local_48 = 0; + local_44 = 0; + local_40 = (code *)0x0; + local_3c = (code *)0x0; + local_38 = (undefined1 *)0x0; + local_24 = (char *)0x0; + local_34 = 0; + local_30 = 0; + blobmsg_parse(&local_2c,1,&local_24,iVar5 + 4, + ((uint)*(byte *)(iVar5 + 3) | + (uint)*(byte *)(iVar5 + 2) << 8 | (uint)*(byte *)(iVar5 + 1) << 0x10) - 4); + local_14 = fopen("/tmp/sta_info","w"); + pcVar3 = local_24; + if (local_14 == (FILE *)0x0) { + return 9; + } + if (local_24 == (char *)0x0) goto LAB_00428b10; + local_20 = FUN_00427f80; + pcVar2 = FUN_00427f80(local_24); + blobmsg_parse(auStack_70,5,&local_48,pcVar2, + ((uint)(byte)pcVar3[3] | (uint)(byte)pcVar3[2] << 8 | (uint)(byte)pcVar3[1] << 0x10) + - 4); + pcVar1 = local_20; + if (local_48 == 0) goto LAB_00428b10; + memset(acStack_130,0,0xc0); + set_uci_value(0x1d,0,0,"wifi-iface"); + pcVar3 = get_uci_value(9,0,6); + set_uci_value(0x1d,0,2,pcVar3); + set_uci_value(0x1d,0,5,"sta"); + set_uci_value(0x1d,0,3,"wan"); + set_uci_value(0x1d,0,8,"radio0"); + local_20 = (code *)0x44e604; + set_uci_value(0x1d,0,1,"vif-sta0"); + local_1c = (undefined1 *)local_48; + pcVar3 = (char *)(*pcVar1)(); + strcpy(acStack_130,pcVar3); + pcVar3 = (char *)(*pcVar1)(local_1c); + set_uci_value(0x1d,0,9,pcVar3); + local_1c = local_38; + if (local_38 != (undefined1 *)0x0) { + pcVar3 = (char *)(*pcVar1)(local_38); + strcpy(acStack_88,pcVar3); + pcVar3 = (char *)(*pcVar1)(local_1c); + set_uci_value(0x1d,0,0xb,pcVar3); + } + if (local_44 != 0) { + pcVar3 = (char *)(*pcVar1)(); + local_20 = (code *)&local_34; + strcpy((char *)local_20,pcVar3); + strcpy(acStack_f0,(char *)local_20); + set_uci_value(0x1d,0,6,(char *)local_20); + iVar5 = strcmp((char *)local_20,"psk2"); + if (iVar5 == 0) { + local_20 = local_40; + pcVar3 = (char *)(*pcVar1)(); + strcpy(acStack_e8,pcVar3); + pcVar3 = (char *)(*pcVar1)(local_20); + puVar4 = (undefined1 *)0x10; + } + else { + iVar5 = strcmp((char *)local_20,"wep"); + if (iVar5 != 0) goto LAB_00428a1c; + local_20 = local_40; + pcVar3 = (char *)(*pcVar1)(local_40); + strcpy(acStack_e8,pcVar3); + pcVar3 = (char *)(*pcVar1)(local_20); + set_uci_value(0x1d,0,0x10,pcVar3); + local_20 = local_3c; + pcVar3 = (char *)(*pcVar1)(local_3c); + strcpy(acStack_a8,pcVar3); + pcVar3 = (char *)(*pcVar1)(local_40); + local_1c = (undefined1 *)atoi(pcVar3); + pcVar3 = (char *)(*pcVar1)(local_20); + puVar4 = local_1c + 0x10; + } + set_uci_value(0x1d,0,puVar4,pcVar3); + } +LAB_00428a1c: + set_uci_value(0x18,0,1,"vif-sta0"); + set_uci_value(0x18,0,2,"dhcp"); + del_uci_value(0x18,0,0xd); + del_uci_value(0x18,0,0x19); + del_uci_value(0x18,0,0x1a); + del_uci_value(0x18,0,0x18); + system("rm /etc/lte_mode"); + system("touch /tmp/change_config"); + strcpy(&WAN_TYPE_ARRAY,""); + fwrite(acStack_130,0xc0,1,local_14); + fclose(local_14); + system("touch /tmp/heart_file"); +LAB_00428b10: + wirte_apply_change("/tmp/network_change","workmode"); + config_action_set(5); + return 0; +} + diff --git a/disassemblies/usr/bin/webmgnt/webcfg_main.c b/disassemblies/usr/bin/webmgnt/webcfg_main.c new file mode 100644 index 0000000..0dc78d8 --- /dev/null +++ b/disassemblies/usr/bin/webmgnt/webcfg_main.c @@ -0,0 +1,727 @@ + +/* WARNING: Heritage AFTER dead removal. Example location: r0x00484044 : 0x00405fe2 */ +/* WARNING: Type propagation algorithm not settling */ +/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ +/* WARNING: Restarted to delay deadcode elimination for space: ram */ + +undefined4 webcfg_main(void) + +{ + undefined3 extraout_var; + int iVar1; + uint uVar2; + undefined *puVar3; + code *pcVar4; + size_t sVar5; + bool bVar10; + undefined **ppuVar6; + time_t tVar7; + char *pcVar8; + ssize_t sVar9; + char *pcVar11; + undefined4 uVar21; + int iVar22; + char *pcVar23; + undefined1 *puVar24; + char local_4c00 [16384]; + undefined4 uStack_c00; + char local_bfc [1020]; + char acStack_800 [1024]; + char acStack_400 [256]; + undefined *apuStack_300 [64]; + char acStack_200 [80]; + undefined *local_1b0; + char *local_1ac; + char *local_1a4; + undefined4 local_1a0; + undefined *apuStack_164 [16]; + undefined *apuStack_124 [2]; + undefined **local_11c; + char *local_118; + char acStack_ec [36]; + char acStack_c8 [32]; + undefined *local_a8; + undefined4 local_a4; + undefined4 local_a0; + undefined4 local_9c; + undefined4 local_98; + undefined4 local_94; + undefined4 local_90; + undefined4 local_8c; + char local_88 [16]; + undefined *local_78; + undefined4 local_74; + undefined4 local_70; + undefined4 local_6c; + undefined **local_68; + undefined **cgi_func; + undefined1 *local_60; + undefined **local_5c; + undefined **local_58; + char *local_54; + char *local_50; + undefined **local_4c; + uint session_valid; + char *local_44; + FILE *local_40; + FILE *local_3c; + FILE *local_38; + FILE *local_34; + FILE *local_30; + undefined4 local_2c; + char *local_28; + FILE *local_24; + undefined **local_20; + char *local_1c; + char *local_18; + + local_60 = &stack0xffefb400; + memset(acStack_200,0,0x50); + local_78 = (undefined *)0x0; + local_74 = 0; + local_70 = 0; + local_6c = 0; + local_88[0] = '\0'; + local_88[1] = '\0'; + local_88[2] = '\0'; + local_88[3] = '\0'; + local_88[4] = '\0'; + local_88[5] = '\0'; + local_88[6] = '\0'; + local_88[7] = '\0'; + local_88[8] = '\0'; + local_88[9] = '\0'; + local_88[10] = '\0'; + local_88[0xb] = '\0'; + local_88[0xc] = '\0'; + local_88[0xd] = '\0'; + local_88[0xe] = '\0'; + local_88[0xf] = '\0'; + memset(apuStack_164,0,0x40); + memset(acStack_c8,0,0x20); + local_4c00[0] = '{'; + local_4c00[1] = '}'; + local_4c00[2] = 0; + memset(local_4c00 + 3,0,0x3ffd); + memset(apuStack_300,0,0x100); + memset(acStack_ec,0,0x21); + memset(&stack0xffefb400,0,0x100000); + local_40 = _stderr; + local_68 = (undefined **)0x44d110; + cgi_func = (undefined **)0x44869c; + fprintf(_stderr,"[%s,%s,%d]: Starting web-management CGI server...","cgi_main.c","webcfg_main"); + fputc(10,_stderr); + syslog(6,"Starting web-management CGI server...",&_mips_gp0_value); + pcVar11 = "/tmp/sysinfo/unregister"; + uVar21 = 0; + /* This file does exist on the device, contains two characters "ef" + So the below block will always eexcute it seems, "however + /www-comfast/unregistered" does not seem to exist + So, I don't expect this really does anything */ + iVar1 = access("/tmp/sysinfo/unregister",0); + if (iVar1 == 0) { + registered_flag = 0; + pcVar11 = "cp /www-comfast/unregistered/* /www-comfast/ -r"; + system("cp /www-comfast/unregistered/* /www-comfast/ -r"); + } + uci_start(pcVar11,uVar21); + iVar1 = uci_config_get_single_int("mbox.management.config_done"); + config_done = iVar1 != 0; + uci_end(); + /* PGM_INIT: explicitly ZERO out session ID */ + cgi_func = (undefined **)&authenticated_COMFAST_session_id; + memset(&authenticated_COMFAST_session_id,0,0x90); + iVar1 = FCGX_Init(); + if (iVar1 < 0) { + local_3c = _stderr; + fprintf(_stderr,"[%s,%s,%d]: fcgi initialization fail, can not continue!","cgi_main.c", + "webcfg_main"); + fputc(10,_stderr); + pcVar11 = "[%s,%s,%d]: fcgi initialization fail, can not continue!"; + } + else { + /* First block of code that runs after successful fcgi init */ + cgi_func = (undefined **)acStack_200; + /* Listen on localhost:9002 + NGINX proxies all requests to /cgi-bin/* to this process + This is why you'll get 502 for trying to request endpoints that don't exist + */ + sprintf((char *)cgi_func,"127.0.0.1:%d",9002); + local_38 = _stderr; + fprintf(_stderr,"[%s,%s,%d]: fcgi listening to %s","cgi_main.c","webcfg_main"); + fputc(10,_stderr); + syslog(6,"fcgi listening to %s",cgi_func); + cgi_func = (undefined **)FCGX_OpenSocket(cgi_func,0xffffffff,&_mips_gp0_value); + /* FCGI_OpenSocket() returns -1 on error so + IF SOCKET OPENED { ... } */ + if (-1 < (int)cgi_func) { + uVar2 = fcntl((int)cgi_func,1); + fcntl((int)cgi_func,2,uVar2 | 1); + FCGX_InitRequest(apuStack_124,cgi_func,0); + /* Beginning of web request handler loop */ + session_valid = 0; + do { + local_98 = 0; + local_94 = 0; + local_90 = 0; + local_8c = 0; + blob_buf_init(&local_98,0); + local_5c = &local_a8; + local_a8 = (undefined *)0x0; + local_a4 = 0; + local_a0 = 0; + local_9c = 0; + blob_buf_init(local_5c,0,&_mips_gp0_value); + local_58 = apuStack_124; + iVar1 = FCGX_Accept_r(local_58,local_58,&_mips_gp0_value); + if (iVar1 < 0) { + return 0; + } + cgi_func = &local_1b0; + local_68 = (undefined **)local_58[5]; + memset(cgi_func,0,0x4c); + puVar3 = (undefined *)FCGX_GetParam("QUERY_STRING",local_68); + cgi_func[1] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("REQUEST_METHOD",local_68,&_mips_gp0_value); + cgi_func[2] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("CONTENT_TYPE",local_68); + cgi_func[3] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("CONTENT_LENGTH",local_68,&_mips_gp0_value); + cgi_func[4] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("SCRIPT_NAME",local_68); + cgi_func[5] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("REQUEST_URI",local_68,&_mips_gp0_value); + cgi_func[6] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("DOCUMENT_URI",local_68); + cgi_func[7] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("DOCUMENT_ROOT",local_68,&_mips_gp0_value); + cgi_func[8] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("SERVER_PROTOCOL",local_68); + cgi_func[9] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("HTTPS",local_68,&_mips_gp0_value); + cgi_func[10] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("REMOTE_ADDR",local_68); + cgi_func[11] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("REMOTE_PORT",local_68,&_mips_gp0_value); + cgi_func[12] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("SERVER_ADDR",local_68); + cgi_func[13] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("SERVER_PORT",local_68,&_mips_gp0_value); + cgi_func[14] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("SERVER_NAME",local_68); + cgi_func[15] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("HTTP_HOST",local_68,&_mips_gp0_value); + cgi_func[16] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("USER_AGENT",local_68); + cgi_func[17] = puVar3; + puVar3 = (undefined *)FCGX_GetParam("HTTP_COOKIE",local_68,&_mips_gp0_value); + cgi_func[18] = puVar3; + pcVar11 = local_118; + /* element 11 = "REMOTE_ADDR" + element 7 = "DOCUMENT_URI" + + This is checking + IF the IP address of the requester = NULL/empty string + -- OR -- if the DOCUMENT URI = NULL/empty string */ + if ((((cgi_func[11] == (char *)0x0) || (*cgi_func[11] == '\0')) || + (local_50 = cgi_func[7], local_50 == (char *)0x0)) || (*local_50 == '\0')) { +LAB_0040654a: + /* Loads a pointer to the response_400() function and then executes it */ + pcVar4 = (code *)0x4055b5; +LAB_0040654e: + /* This branch is for explicit handling of the "/cgi-bin/iswifi" path which so + far I haven't recorded any use of in this environment. In any case it seems + to simply return a 200 response with the COMFAST_SESSION set as a cookie. + It's worth noting that it does conditionally set the cookie value to + "DELETED" based on the state of local_48 which apears to be a boolean, likely + something like "is_logged_in" */ + (*pcVar4)(pcVar11); + } + else { + *cgi_func = (undefined *)local_58; + iVar1 = strncmp(local_50,"/cgi-bin/iswifi",0xf); + if (iVar1 == 0) { + local_68 = (undefined **)acStack_ec; + iVar1 = deal_iswifi(cgi_func[1],(char *)apuStack_300,(char *)local_68); + if (iVar1 == 0) { + iswifi_output(local_5c,(char *)local_68); + local_5c = (undefined **)blobmsg_format_json_with_cb(*local_5c,1,0,0); + local_50 = local_58[3]; + if (session_valid == 0) { + local_68 = (undefined **)0x44881c; + pcVar11 = "Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Version=1"; + } + else { + local_68 = (undefined **)&authenticated_COMFAST_session_id; + pcVar11 = "Path=/; Version=1"; + } + cgi_func = (undefined **)pcVar11; + local_54 = (char *)strlen((char *)local_5c); + local_58 = apuStack_300; + strlen((char *)local_58); + FCGX_FPrintF(local_50, + "Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: text/javascript; charset=utf-8\r\n\r\n%s(%s);\r\n" + ,"COMFAST_SESSIONID",local_68); + free(local_5c); + } + } + else { + iVar1 = strncmp(local_50,"/cgi-bin/",9); + if (iVar1 != 0) { + pcVar11 = local_58[3]; +LAB_00407552: + pcVar4 = (code *)0x405589; + goto LAB_0040654e; + } + local_68 = (undefined **)cgi_func[2]; + iVar1 = strcmp((char *)local_68,"GET"); + if (iVar1 == 0) { + local_5c = (undefined **)cgi_func[6]; + cgi_func = (undefined **)0x448b28; + pcVar11 = strstr((char *)local_5c,"height="); + if (pcVar11 == (char *)0x0) { + local_4c = (undefined **)&DAT_00000001; + } + else { + cgi_func = (undefined **)0x448b30; + pcVar11 = strstr((char *)local_5c,"width="); + if (pcVar11 != (char *)0x0) { + cgi_func = (undefined **)(local_88 + 0x10); + local_68 = (undefined **)local_88; + local_88[0] = '\0'; + local_88[1] = '\0'; + local_88[2] = '\0'; + local_88[3] = '\0'; + local_88[4] = '\0'; + local_88[5] = '\0'; + local_88[6] = '\0'; + local_88[7] = '\0'; + local_88[8] = '\0'; + local_88[9] = '\0'; + local_88[10] = '\0'; + local_88[0xb] = '\0'; + local_88[0xc] = '\0'; + local_88[0xd] = '\0'; + local_88[0xe] = '\0'; + local_88[0xf] = '\0'; + local_58 = apuStack_164; + local_78 = (undefined *)0x0; + local_74 = 0; + local_70 = 0; + local_6c = 0; + memset(local_58,0,0x40); + local_50 = acStack_c8; + memset(local_50,0,0x20); + pcVar11 = strstr((char *)local_5c,"height="); + get_para_from_uri(pcVar11,(int)cgi_func); + pcVar11 = strstr((char *)local_5c,"width="); + get_para_from_uri(pcVar11,(int)local_68); + get_css_path_from_uri((char *)((int)local_5c + 9),(int)local_50); + sprintf((char *)local_58,"/www-comfast/%s",local_50); + memset(&stack0xffefb400,0,0x100000); + local_68 = (undefined **)atoi((char *)local_68); + iVar1 = atoi((char *)cgi_func); + modify_css(local_68,iVar1,&stack0xffefb400,(char *)local_58); + sVar5 = strlen(&stack0xffefb400); + FCGX_FPrintF(local_118, + "HTTP/1.1 200 OK\r\nServer: nginx/1.4.7\r\nDate: Mon, 17 Jun 2019 10:42:35 GMT\r\nContent-Type: text/css\r\nContent-Length: %d\r\nLast-Modified: Thu, 01-Jan-1970 00:00:01 GMT\r\nConnection: keep-alive\r\nETag: \"5c666a67-1acd\"\r\nAccept-Ranges: bytes\r\n\r\n%s" + ,sVar5,&stack0xffefb400); + goto LAB_00406556; + } + local_4c = (undefined **)&DAT_00000001; + } + } + else { + iVar1 = strcmp((char *)local_68,"POST"); + if (iVar1 != 0) { + pcVar11 = local_58[3]; + goto LAB_00407552; + } + cgi_func = (undefined **)strtoul(cgi_func[4],(char **)0x0,0); + if ((char *)0xffffff < (char *)((int)cgi_func + -1)) { + local_30 = _stderr; + local_68 = &local_1b0; + local_2c = local_1a0; + fprintf(_stderr,"[%s,%s,%d]: Invalid request of content length: %s cl=%d", + "cgi_main.c","webcfg_main"); + fputc(10,_stderr); + syslog(3,"Invalid request of content length: %s cl=%d",local_68[4],cgi_func); + } + local_68 = (undefined **)local_1ac; + pcVar11 = strstr(local_1ac,"section=system_"); + if (pcVar11 == (char *)0x0) { + system_state = (char *)0x0; + } + else { + pcVar11 = strstr((char *)local_68,"system_config_backup"); + if (((pcVar11 == (char *)0x0) && + (pcVar11 = strstr((char *)local_68,"system_account_download"), + pcVar11 == (char *)0x0)) && + (pcVar11 = strstr((char *)local_68,"system_passwd_download"), + pcVar11 == (char *)0x0)) { + pcVar11 = strstr((char *)local_68,"system_load_config"); + if (pcVar11 == (char *)0x0) { + pcVar11 = strstr((char *)local_68,"system_upgrade"); + if ((pcVar11 == (char *)0x0) && + (pcVar11 = strstr((char *)local_68,"system_upgrade_keep"), + pcVar11 == (char *)0x0)) { + pcVar11 = strstr((char *)local_68,"system_upload_file"); + if (((((pcVar11 == (char *)0x0) && + (pcVar11 = strstr((char *)local_68,"system_upload_account"), + pcVar11 == (char *)0x0)) && + (pcVar11 = strstr((char *)local_68,"system_upload_passwd"), + pcVar11 == (char *)0x0)) && + ((pcVar11 = strstr((char *)local_68,"system_upload_wxpay_cert_pem"), + pcVar11 == (char *)0x0 && + (pcVar11 = strstr((char *)local_68,"system_upload_wxpay_key_pem"), + pcVar11 == (char *)0x0)))) && + ((pcVar11 = strstr((char *)local_68,"system_upload_radius_template"), + pcVar11 == (char *)0x0 && + (pcVar11 = strstr((char *)local_68,"system_cluster_upgrade_file"), + pcVar11 == (char *)0x0)))) { + pcVar11 = strstr((char *)local_68,"system_wl_upload_pic_file"); + if (pcVar11 == (char *)0x0) { + system_state = strstr((char *)local_68,"system_suite_upgrade_file_upload") + ; + if (system_state != (char *)0x0) { + system_state = (char *)0x6; + } + } + else { + system_state = (char *)0x5; + } + } + else { + system_state = (char *)0x4; + } + } + else { + system_state = (char *)0x3; + } + } + else { + system_state = &DAT_00000002; + } + } + else { + system_state = &DAT_00000001; + } + if (((local_1a4 != (char *)0x0) && + (pcVar11 = strstr(local_1a4,"multipart/form-data"), pcVar11 != (char *)0x0)) && + (local_28 = system_state, 1 < (int)system_state)) { + local_58 = local_11c; + memset(acStack_800,0,0x400); + memset(acStack_400,0,0x100); + do { + if ((int)cgi_func < 1) goto LAB_00406fa2; + local_68 = (undefined **)acStack_800; + memset(local_68,0,0x400); + pcVar11 = (char *)((int)cgi_func + 1); + if (0x400 < (int)pcVar11) { + pcVar11 = (char *)0x400; + } + iVar1 = FCGX_GetLine(local_68,pcVar11,local_58); + if (iVar1 == 0) goto LAB_00407400; + local_68 = (undefined **)acStack_800; + sVar5 = strlen((char *)local_68); + cgi_func = (undefined **)((int)cgi_func - sVar5); + iVar1 = strncasecmp((char *)local_68,"Content-Disposition:",0x14); + } while (iVar1 != 0); + local_68 = (undefined **)strstr((char *)local_68,"filename="); + if (local_68 != (undefined **)0x0) { + local_5c = (undefined **)((int)local_68 + 10); + local_54 = strchr((char *)local_5c,0x22); + if (local_54 != (char *)0x0) { + memset(upload_filename,0,0x100); + strncpy(upload_filename,(char *)local_5c, + (size_t)(local_54 + (-10 - (int)local_68))); + } + } + for (; 0 < (int)cgi_func; cgi_func = (undefined **)((int)cgi_func - sVar5)) { + local_68 = (undefined **)acStack_800; + iVar1 = strcmp((char *)local_68,"\n"); + if ((iVar1 == 0) || (iVar1 = strcmp((char *)local_68,"\r\n"), iVar1 == 0)) + break; + memset(local_68,0,0x400); + pcVar11 = (char *)((int)cgi_func + 1); + if (0x400 < (int)pcVar11) { + pcVar11 = (char *)0x400; + } + iVar1 = FCGX_GetLine(local_68,pcVar11,local_58); + if (iVar1 == 0) goto LAB_00407400; + sVar5 = strlen(acStack_800); + } +LAB_00406fa2: + pcVar11 = strstr(upload_filename,".png"); + if ((((pcVar11 == (char *)0x0) && + (pcVar11 = strstr(upload_filename,".PNG"), pcVar11 == (char *)0x0)) && + (pcVar11 = strstr(upload_filename,".jpg"), pcVar11 == (char *)0x0)) && + (((pcVar11 = strstr(upload_filename,".JPG"), pcVar11 == (char *)0x0 && + (pcVar11 = strstr(upload_filename,".jpeg"), pcVar11 == (char *)0x0)) && + (pcVar11 = strstr(upload_filename,".JPEG"), pcVar11 == (char *)0x0)))) { + puVar24 = (undefined1 *)0x104800; + pcVar11 = "/tmp/bakup.file"; + strcpy(acStack_400,"/tmp/bakup.file"); + } + else { + local_68 = (undefined **)0x448e6c; + iVar1 = access("/tmp/img",0); + if ((iVar1 != 0) && (iVar1 = mkdir("/tmp/img",0x1ff), iVar1 != 0)) + goto LAB_00407400; + puVar24 = upload_filename; + pcVar11 = "%s/%s"; + sprintf(acStack_400,"%s/%s","/tmp/img"); + } + local_5c = (undefined **)0x448e80; + bVar10 = file_exists("/tmp/bakup.file",pcVar11,&_mips_gp0_value,puVar24); + if (CONCAT31(extraout_var,bVar10) == 0) { + memset(&uStack_c00,0,0x400); + local_54 = (char *)open(acStack_400,0x302,0x1ff); + if (-1 < (int)local_54) { + local_68 = (undefined **)0x0; + for (; 0 < (int)cgi_func; + cgi_func = (undefined **)((int)cgi_func - (int)ppuVar6)) { + local_4c = cgi_func; + if (0x400 < (int)cgi_func) { + local_4c = (undefined **)0x400; + } + local_5c = (undefined **)FCGX_GetStr(&uStack_c00,local_4c,local_58); + if (local_5c != local_4c) break; + if ((int)cgi_func < 0x400) { + for (; (int)local_68 < (int)(cgi_func + -1); + local_68 = (undefined **)((int)local_68 + 1)) { + if ((((*(char *)((int)&uStack_c00 + (int)local_68) == '\r') && + (*(char *)((int)&uStack_c00 + 1 + (int)local_68) == '\n')) && + (*(char *)((int)&uStack_c00 + 2 + (int)local_68) == '-')) && + ((*(char *)((int)&uStack_c00 + 3 + (int)local_68) == '-' && + (local_bfc[(int)local_68] == '-')))) { + *(char *)((int)&uStack_c00 + (int)local_68) = '\0'; + cgi_func = (undefined **) + ((int)cgi_func + ((int)local_68 - (int)local_5c)); + local_5c = local_68; + break; + } + } + } + ppuVar6 = (undefined **)write((int)local_54,&uStack_c00,(size_t)local_5c); + if (ppuVar6 != local_5c) break; + } + close((int)local_54); + } + } + else { + local_58 = (undefined **)&uStack_c00; + memset(local_58,0,0x80); + local_68 = (undefined **)open("/tmp/bakup.file",2); + if ((int)local_68 < 0) { + unlink((char *)local_5c); + } + else { + local_5c = (undefined **)lseek((int)local_68,0,2); + lseek((int)local_68,(__off_t)((int)local_5c + -0x7f),0); + read((int)local_68,local_58,0x7f); + iVar1 = 0; + do { + iVar22 = iVar1; + if (iVar22 == 0x7c) { + iVar22 = 0x7c; + break; + } + iVar1 = iVar22 + 1; + } while (((*(char *)((int)&uStack_c00 + iVar22 + 1) != '\r') || + (*(char *)((int)&uStack_c00 + iVar22 + 2) != '\n')) || + ((*(char *)((int)&uStack_c00 + iVar22 + 3) != '-' || + (local_bfc[iVar22] != '-')))); + ftruncate((int)local_68,(__off_t)((int)local_5c + iVar22 + -0x7e)); + close((int)local_68); + local_68 = (undefined **)acStack_400; + iVar1 = strcmp("/tmp/bakup.file",(char *)local_68); + if (iVar1 != 0) { + rename("/tmp/bakup.file",(char *)local_68); + } + } + } + } + } +LAB_00407400: + if ((undefined **)0x4000 < cgi_func) { + cgi_func = (undefined **)0x3fff; + } + local_68 = (undefined **)local_4c00; + memset(local_68,0,0x4000); + local_5c = apuStack_124; + FCGX_GetStr(local_68,cgi_func,local_11c); + *(char *)((int)local_68 + (int)cgi_func) = '\0'; + if ((system_state == (char *)0x0) && + (iVar1 = blobmsg_add_json_from_string(&local_98,local_68), iVar1 == 0)) { + local_24 = _stderr; + fprintf(_stderr,"[%s,%s,%d]: Fail to parse JSON from post data: %s","cgi_main.c", + "webcfg_main"); + fputc(10,_stderr); + syslog(3,"Fail to parse JSON from post data: %s",local_68); + pcVar11 = local_5c[3]; + goto LAB_0040654a; + } + local_4c = (undefined **)&DAT_00000002; + } + cgi_func = (undefined **)authenticated_session_expiration_time; + tVar7 = time((time_t *)0x0); + cgi_func = (undefined **)((int)cgi_func - tVar7); + if ((int)cgi_func < 0) { + iVar1 = uptime_timeout(); + if (iVar1 == 0) { + memset(&authenticated_COMFAST_session_id,0,0x90); + } + else { + tVar7 = time((time_t *)0x0); + authenticated_session_expiration_time = tVar7 + 600; + } + } + else { + tVar7 = time((time_t *)0x0); + authenticated_session_expiration_time = tVar7 + 600; + } + session_valid = 0; + if (is_logged_in != '\0') { + session_valid = (int)cgi_func < 1 ^ 1; + } + /* Figure out how to dispatch incoming request + Loops over cgi_functions in &cgi_functions which is itself an array of data + structures */ + for (cgi_func = &cgi_functions; cgi_func != (undefined **)&DAT_00464bf4; + cgi_func = cgi_func + 5) { + local_20 = (undefined **)cgi_func[1]; + if ((local_20 == local_4c) && (iVar1 = strcmp(*cgi_func,local_50 + 9), iVar1 == 0)) { + /* Here's the auth check + Every CGI entry in cgi_functions[] has a one-byte “needs-auth” flag + (offset +2). + If that flag is zero or the session is valid */ + if ((*(char *)(cgi_func + 2) == '\0') || (session_valid != 0)) { + local_68 = &local_1b0; + pcVar23 = "ac_list_get"; + pcVar11 = local_1ac; + pcVar8 = strstr(local_1ac,"ac_list_get"); + if (pcVar8 == (char *)0x0) { + uci_start(pcVar11,pcVar23); + local_68 = (undefined **)(*(code *)cgi_func[3])(local_68,&local_98,&local_a8); + uci_end(); + } + else { + ac_list_get(&local_98,&local_a8); + local_68 = (undefined **)0x0; + } + local_1c = system_state; + if (system_state != &DAT_00000001) { + ppuVar6 = local_68; + if ((int)local_68 < 0) { + ppuVar6 = (undefined **)-(int)local_68; + } + goto LAB_004077ae; + } + } + else { + ppuVar6 = (undefined **)(char *)0x4; +LAB_004077ae: + cgi_gen_error(&local_a8,(int)ppuVar6); + } + local_18 = system_state; + if (system_state == &DAT_00000001) { + local_68 = (undefined **)local_118; + memset(&uStack_c00,0,0x400); + if (download_filename == '\0') { + strcpy(&download_filename,"bakup.file"); + } + FCGX_FPrintF(local_68,"Content-Disposition: attachment; filename=\"%s\"\r\n", + &download_filename); + FCGX_FPrintF(local_68,"Content-Type: application/x-targz\r\n"); + FCGX_FPrintF(local_68,"Cache-Control: no-cache\r\n",&_mips_gp0_value); + FCGX_FPrintF(local_68,"Expires: 0\r\n",&_mips_gp0_value); + FCGX_FPrintF(local_68,"\r\n",&_mips_gp0_value); + local_54 = (char *)0x3; + while( true ) { + local_58 = (undefined **)0x448e80; + local_5c = (undefined **)open("/tmp/bakup.file",2); + if (local_5c != (undefined **)0xffffffff) break; + local_54 = local_54 + -1; + if (local_54 == (char *)0x0) goto LAB_00407956; + sleep(1); + } + ppuVar6 = (undefined **)&uStack_c00; + while( true ) { + memset(ppuVar6,0,0x400); + local_58 = (undefined **)&uStack_c00; + sVar9 = read((int)local_5c,local_58,0x3ff); + if (sVar9 < 1) break; + *(char *)((int)local_58 + sVar9) = '\0'; + FCGX_PutStr(local_58,sVar9,local_68); + ppuVar6 = local_58; + } +LAB_00407956: + memset(&download_filename,0,0x100); + if (-1 < (int)local_5c) { + close((int)local_5c); + } + unlink("/tmp/bakup.file"); + } + else { + if (*(char *)(cgi_func + 4) != '\0') break; + local_5c = (undefined **)blobmsg_format_json_with_cb(local_a8,1,0,0); + local_54 = "COMFAST_SESSIONID"; + if ((int)system_state < 2) { + local_44 = local_118; + if (session_valid == 0) { + local_58 = (undefined **)0x44881c; + local_68 = (undefined **)0x448824; + } + else { + local_58 = (undefined **)&authenticated_COMFAST_session_id; + local_68 = (undefined **)0x448808; + } + strlen((char *)local_5c); + pcVar11 = + "Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: application/json\r\n\r\n%s\r\n" + ; + } + else { + local_44 = local_118; + if (session_valid == 0) { + local_58 = (undefined **)0x44881c; + local_68 = (undefined **)0x448824; + } + else { + local_58 = (undefined **)&authenticated_COMFAST_session_id; + local_68 = (undefined **)0x448808; + } + strlen((char *)local_5c); + pcVar11 = + "Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: text/html\r\n\r\n%s\r\n" + ; + } + FCGX_FPrintF(local_44,pcVar11,local_54,local_58); + free(local_5c); + } + } + } + } + } +LAB_00406556: + blob_buf_free(&local_98); + blob_buf_free(&local_a8); + FCGX_Finish_r(apuStack_124); + iVar1 = config_action_get(); + if (iVar1 != 0) { + apply_settings(); + } + } while( true ); + } + /* This is the end of the IF FCGI_OPEN_SOCKET() succeeded block */ + local_34 = _stderr; + fprintf(_stderr,"[%s,%s,%d]: Fail to open fcgi socket, can not continue!","cgi_main.c", + "webcfg_main"); + fputc(10,_stderr); + pcVar11 = "[%s,%s,%d]: Fail to open fcgi socket, can not continue!"; + } + syslog(3,pcVar11 + 0xc,&_mips_gp0_value); + return 0xffffffff; +} +