
Crash

stavrosomo
Posts: 109
Joined: Sun May 29, 2011 10:36 am

Re: Crash

Post by stavrosomo »

Thanks for answering noname!!

Somebody who knows better about these? Can you please help?
stavrosomo
Posts: 109
Joined: Sun May 29, 2011 10:36 am

Re: Crash

Post by stavrosomo »

Is it that much difficult to give me instructions to continue?

Someone who knows what I have to do now?
Acid_Snake
Retired Mod
Posts: 3100
Joined: Tue May 01, 2012 11:32 am
Location: Behind you!

Re: Crash

Post by Acid_Snake »

Without a disasm we can't know if it's exploitable or not.
stavrosomo
Posts: 109
Joined: Sun May 29, 2011 10:36 am

Re: Crash

Post by stavrosomo »

Code:

host0:/> host0:/> Loading all modules ... Ready
Exception - Address load/inst fetch
Thread ID - 
Th Name   - 
Module ID - 
Mod Name  - 
EPC       - 0x088B5EB8
Cause     - 0x10000010
BadVAddr  - 0x61616159
Status    - 0x60088613
zr:0x00000000 at:0x09FFFB00 v0:0x089AE05F v1:0xFFFFFFFF
a0:0x089AE060 a1:0x61616161 a2:0x61616159 a3:0x089AE05F
t0:0x00000001 t1:0x040CF10F t2:0x00000000 t3:0x00000000
t4:0x01010101 t5:0x0004A871 t6:0x09C01EE8 t7:0x088B54A8
s0:0x089AE058 s1:0x089AE000 s2:0x089AE060 s3:0x61616161
s4:0x089AE058 s5:0x089AE038 s6:0x00000001 s7:0x61616161
t8:0x0002EB80 t9:0x00005D70 k0:0x09FFFB00 k1:0x00000000
gp:0x00000000 SP:0x09FFF170 fp:0x09C01EE0 ra:0x088B54D4
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)

host0:/> disasm $epc-100 200
0x088B5E54: 0xAD280000 '..(.' - sw         $t0, 0($t1)
0x088B5E58: 0x0A22D77F '..".' - j          0x088B5DFC
0x088B5E5C: 0x00802821 '!(..' - move       $a1, $a0
0x088B5E60: 0x10C00007 '....' - beqz       $a2, 0x088B5E80
0x088B5E64: 0x24E50008 '...$' - addiu      $a1, $a3, 8
0x088B5E68: 0x00A6001B '....' - divu       $a1, $a2
0x088B5E6C: 0x50C00001 '...P' - beqzl      $a2, 0x088B5E74
0x088B5E70: 0x000001CD '....' - break      0x7
0x088B5E74: 0x00005010 '.P..' - mfhi       $t2
0x088B5E78: 0x1540FFD9 '..@.' - bnez       $t2, 0x088B5DE0
0x088B5E7C: 0x00000000 '....' - nop
0x088B5E80: 0x8CE60000 '....' - lw         $a2, 0($a3)
0x088B5E84: 0x0A22D78B '..".' - j          0x088B5E2C
0x088B5E88: 0xAD260000 '..&.' - sw         $a2, 0($t1)
0x088B5E8C: 0x10800005 '....' - beqz       $a0, 0x088B5EA4
0x088B5E90: 0x24A6FFF8 '...$' - addiu      $a2, $a1, -8
0x088B5E94: 0x8C820000 '....' - lw         $v0, 0($a0)
0x088B5E98: 0x2487FFFF '...$' - addiu      $a3, $a0, -1
0x088B5E9C: 0x10470004 '..G.' - beq        $v0, $a3, 0x088B5EB0
0x088B5EA0: 0x00000000 '....' - nop
0x088B5EA4: 0x2403FFFC '...$' - li         $v1, -4
0x088B5EA8: 0x03E00008 '....' - jr         $ra
0x088B5EAC: 0x00601021 '!.`.' - move       $v0, $v1
0x088B5EB0: 0x10A0FFFD '....' - beqz       $a1, 0x088B5EA8
0x088B5EB4: 0x2403FFFF '...$' - li         $v1, -1
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)
0x088B5EBC: 0x50640003 '..dP' - beql       $v1, $a0, 0x088B5ECC
0x088B5EC0: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5EC4: 0x0A22D7AA '..".' - j          0x088B5EA8
0x088B5EC8: 0x2403FFFF '...$' - li         $v1, -1
0x088B5ECC: 0x1900FFFD '....' - blez       $t0, 0x088B5EC4
0x088B5ED0: 0x01004821 '!H..' - move       $t1, $t0
0x088B5ED4: 0x24870018 '...$' - addiu      $a3, $a0, 24
0x088B5ED8: 0x00C7282B '+(..' - sltu       $a1, $a2, $a3
0x088B5EDC: 0x14A0FFF2 '....' - bnez       $a1, 0x088B5EA8
0x088B5EE0: 0x2403FFFE '...$' - li         $v1, -2
0x088B5EE4: 0x8C8C0008 '....' - lw         $t4, 8($a0)
0x088B5EE8: 0x008C5821 '!X..' - addu       $t3, $a0, $t4
0x088B5EEC: 0x00CB502B '+P..' - sltu       $t2, $a2, $t3
0x088B5EF0: 0x55400003 '..@U' - bnezl      $t2, 0x088B5F00
0x088B5EF4: 0x8C850014 '....' - lw         $a1, 20($a0)
0x088B5EF8: 0x0A22D7AA '..".' - j          0x088B5EA8
0x088B5EFC: 0x00000000 '....' - nop
0x088B5F00: 0x00A6682B '+h..' - sltu       $t5, $a1, $a2
0x088B5F04: 0x55A00056 'V..U' - bnezl      $t5, 0x088B6060
0x088B5F08: 0x8CA70000 '....' - lw         $a3, 0($a1)
0x088B5F0C: 0x00A6102B '+...' - sltu       $v0, $a1, $a2
0x088B5F10: 0x10C5FFE5 '....' - beq        $a2, $a1, 0x088B5EA8
0x088B5F14: 0x2403FFFD '...$' - li         $v1, -3
0x088B5F18: 0x8CA70000 '....' - lw         $a3, 0($a1)
0x088B5F1C: 0x00C7C02B '+...' - sltu       $t8, $a2, $a3
0x088B5F20: 0x00A7782B '+x..' - sltu       $t7, $a1, $a3
0x088B5F24: 0x15E00003 '....' - bnez       $t7, 0x088B5F34
0x088B5F28: 0x03021825 '%...' - or         $v1, $t8, $v0
0x088B5F2C: 0x1460000A '..`.' - bnez       $v1, 0x088B5F58
0x088B5F30: 0x00C7182B '+...' - sltu       $v1, $a2, $a3
0x088B5F34: 0x00E6C82B '+...' - sltu       $t9, $a3, $a2
0x088B5F38: 0x1320FFF4 '.. .' - beqz       $t9, 0x088B5F0C
0x088B5F3C: 0x00E02821 '!(..' - move       $a1, $a3
0x088B5F40: 0x8CE30000 '....' - lw         $v1, 0($a3)
0x088B5F44: 0x00C3382B '+8..' - sltu       $a3, $a2, $v1
0x088B5F48: 0x50E0FFF1 '...P' - beqzl      $a3, 0x088B5F10
0x088B5F4C: 0x00A6102B '+...' - sltu       $v0, $a1, $a2
0x088B5F50: 0x00603821 '!8`.' - move       $a3, $v1
0x088B5F54: 0x00C7182B '+...' - sltu       $v1, $a2, $a3
0x088B5F58: 0x10600007 '..`.' - beqz       $v1, 0x088B5F78
0x088B5F5C: 0x00A6682B '+h..' - sltu       $t5, $a1, $a2
0x088B5F60: 0x000960C0 '.`..' - sll        $t4, $t1, 3
0x088B5F64: 0x00CC5821 '!X..' - addu       $t3, $a2, $t4
0x088B5F68: 0x00EB502B '+P..' - sltu       $t2, $a3, $t3
0x088B5F6C: 0x1540FFCE '..@.' - bnez       $t2, 0x088B5EA8
0x088B5F70: 0x2403FFFD '...$' - li         $v1, -3
0x088B5F74: 0x00A6682B '+h..' - sltu       $t5, $a1, $a2
0x088B5F78: 0x11A00008 '....' - beqz       $t5, 0x088B5F9C
0x088B5F7C: 0x29230002 '..#)' - slti       $v1, $t1, 2
0x088B5F80: 0x8CB90004 '....' - lw         $t9, 4($a1)
0x088B5F84: 0x0019C0C0 '....' - sll        $t8, $t9, 3
0x088B5F88: 0x00B87821 '!x..' - addu       $t7, $a1, $t8
0x088B5F8C: 0x00CF702B '+p..' - sltu       $t6, $a2, $t7
0x088B5F90: 0x15C0FFC5 '....' - bnez       $t6, 0x088B5EA8
0x088B5F94: 0x2403FFFD '...$' - li         $v1, -3
0x088B5F98: 0x29230002 '..#)' - slti       $v1, $t1, 2
0x088B5F9C: 0x54600010 '..`T' - bnezl      $v1, 0x088B5FE0
0x088B5FA0: 0x8C98000C '....' - lw         $t8, 12($a0)
0x088B5FA4: 0x3C02DEAD '...<' - lui        $v0, 0xDEAD
0x088B5FA8: 0x3443BEEF '..C4' - ori        $v1, $v0, 0xBEEF
0x088B5FAC: 0xACC30008 '....' - sw         $v1, 8($a2)
0x088B5FB0: 0xACC3000C '....' - sw         $v1, 12($a2)
0x088B5FB4: 0x8CA90004 '....' - lw         $t1, 4($a1)
0x088B5FB8: 0x29280003 '..()' - slti       $t0, $t1, 3
0x088B5FBC: 0x55000007 '...U' - bnezl      $t0, 0x088B5FDC
0x088B5FC0: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5FC4: 0x8CCC0004 '....' - lw         $t4, 4($a2)
0x088B5FC8: 0x000C58C0 '.X..' - sll        $t3, $t4, 3
0x088B5FCC: 0x00CB5021 '!P..' - addu       $t2, $a2, $t3
0x088B5FD0: 0xAD43FFFC '..C.' - sw         $v1, -4($t2)
0x088B5FD4: 0xAD43FFF8 '..C.' - sw         $v1, -8($t2)
0x088B5FD8: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5FDC: 0x8C98000C '....' - lw         $t8, 12($a0)
0x088B5FE0: 0x03087823 '#x..' - subu       $t7, $t8, $t0
0x088B5FE4: 0xAC8F000C '....' - sw         $t7, 12($a0)
0x088B5FE8: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5FEC: 0x000870C0 '.p..' - sll        $t6, $t0, 3
0x088B5FF0: 0x00CE6821 '!h..' - addu       $t5, $a2, $t6
0x088B5FF4: 0x51A70012 '...Q' - beql       $t5, $a3, 0x088B6040
0x088B5FF8: 0x8CE20004 '....' - lw         $v0, 4($a3)
0x088B5FFC: 0xACC70000 '....' - sw         $a3, 0($a2)
0x088B6000: 0x8CA70004 '....' - lw         $a3, 4($a1)
0x088B6004: 0x000748C0 '.H..' - sll        $t1, $a3, 3
0x088B6008: 0x00A94021 '!@..' - addu       $t0, $a1, $t1
0x088B600C: 0x50C80005 '...P' - beql       $a2, $t0, 0x088B6024
0x088B6010: 0x8CCC0004 '....' - lw         $t4, 4($a2)
0x088B6014: 0xACA60000 '....' - sw         $a2, 0($a1)
0x088B6018: 0xAC850014 '....' - sw         $a1, 20($a0)
0x088B601C: 0x0A22D7AA '..".' - j          0x088B5EA8
0x088B6020: 0x00001821 '!...' - move       $v1, $zr
0x088B6024: 0x8CCA0000 '....' - lw         $t2, 0($a2)
0x088B6028: 0x00EC5821 '!X..' - addu       $t3, $a3, $t4
0x088B602C: 0xACAB0004 '....' - sw         $t3, 4($a1)
0x088B6030: 0xACAA0000 '....' - sw         $t2, 0($a1)
0x088B6034: 0xACC00004 '....' - sw         $zr, 4($a2)
0x088B6038: 0x0A22D806 '..".' - j          0x088B6018
0x088B603C: 0xACC00000 '....' - sw         $zr, 0($a2)
0x088B6040: 0x1840FFEE '..@.' - blez       $v0, 0x088B5FFC
0x088B6044: 0x01021821 '!...' - addu       $v1, $t0, $v0
0x088B6048: 0x8CF90000 '....' - lw         $t9, 0($a3)
0x088B604C: 0xACC30004 '....' - sw         $v1, 4($a2)
0x088B6050: 0xACD90000 '....' - sw         $t9, 0($a2)
0x088B6054: 0xACE00004 '....' - sw         $zr, 4($a3)
0x088B6058: 0x0A22D800 '..".' - j          0x088B6000
0x088B605C: 0xACE00000 '....' - sw         $zr, 0($a3)
0x088B6060: 0x00C7702B '+p..' - sltu       $t6, $a2, $a3
0x088B6064: 0x51C0FFAA '...Q' - beqzl      $t6, 0x088B5F10
0x088B6068: 0x00A6102B '+...' - sltu       $v0, $a1, $a2
0x088B606C: 0x0A22D7D6 '..".' - j          0x088B5F58
0x088B6070: 0x00C7182B '+...' - sltu       $v1, $a2, $a3
0x088B6074: 0x2407FFFC '...$' - li         $a3, -4
0x088B6078: 0x2483FFFF '...$' - addiu      $v1, $a0, -1
0x088B607C: 0x10800004 '....' - beqz       $a0, 0x088B6090
0x088B6080: 0x24A6FFF8 '...$' - addiu      $a2, $a1, -8
0x088B6084: 0x8C880000 '....' - lw         $t0, 0($a0)
0x088B6088: 0x51030003 '...Q' - beql       $t0, $v1, 0x088B6098
0x088B608C: 0x24830018 '...$' - addiu      $v1, $a0, 24
0x088B6090: 0x03E00008 '....' - jr         $ra
0x088B6094: 0x00E01021 '!...' - move       $v0, $a3
0x088B6098: 0x2407FFFF '...$' - li         $a3, -1
0x088B609C: 0x10A0FFFC '....' - beqz       $a1, 0x088B6090
0x088B60A0: 0x00C3102B '+...' - sltu       $v0, $a2, $v1
0x088B60A4: 0x1440FFFA '..@.' - bnez       $v0, 0x088B6090
0x088B60A8: 0x2407FFFE '...$' - li         $a3, -2
0x088B60AC: 0x8C8A0008 '....' - lw         $t2, 8($a0)
0x088B60B0: 0x008A4821 '!H..' - addu       $t1, $a0, $t2
0x088B60B4: 0x00C9402B '+@..' - sltu       $t0, $a2, $t1
0x088B60B8: 0x1100FFF5 '....' - beqz       $t0, 0x088B6090
0x088B60BC: 0x00000000 '....' - nop
0x088B60C0: 0x8CABFFF8 '....' - lw         $t3, -8($a1)
0x088B60C4: 0x1564FFF2 '..d.' - bne        $t3, $a0, 0x088B6090
0x088B60C8: 0x00003821 '!8..' - move       $a3, $zr
0x088B60CC: 0x8CC50004 '....' - lw         $a1, 4($a2)
0x088B60D0: 0x000520C0 '. ..' - sll        $a0, $a1, 3
0x088B60D4: 0x0A22D824 '$.".' - j          0x088B6090
0x088B60D8: 0x2487FFF8 '...$' - addiu      $a3, $a0, -8
0x088B60DC: 0x24C70007 '...$' - addiu      $a3, $a2, 7
0x088B60E0: 0x000718C2 '....' - srl        $v1, $a3, 3
0x088B60E4: 0x246A0001 '..j$' - addiu      $t2, $v1, 1
0x088B60E8: 0x00803821 '!8..' - move       $a3, $a0
0x088B60EC: 0x10800005 '....' - beqz       $a0, 0x088B6104
0x088B60F0: 0x24A8FFF8 '...$' - addiu      $t0, $a1, -8
0x088B60F4: 0x8C820000 '....' - lw         $v0, 0($a0)
0x088B60F8: 0x2484FFFF '...$' - addiu      $a0, $a0, -1
0x088B60FC: 0x10440004 '..D.' - beq        $v0, $a0, 0x088B6110
0x088B6100: 0x00000000 '....' - nop
0x088B6104: 0x2409FFFC '...$' - li         $t1, -4
0x088B6108: 0x03E00008 '....' - jr         $ra
0x088B610C: 0x01201021 '!. .' - move       $v0, $t1
0x088B6110: 0x10A0FFFD '....' - beqz       $a1, 0x088B6108
0x088B6114: 0x2409FFFF '...$' - li         $t1, -1
0x088B6118: 0x24E90018 '...$' - addiu      $t1, $a3, 24
0x088B611C: 0x0109182B '+...' - sltu       $v1, $t0, $t1
0x088B6120: 0x5460FFF9 '..`T' - bnezl      $v1, 0x088B6108
0x088B6124: 0x2409FFFE '...$' - li         $t1, -2
0x088B6128: 0x8CEC0008 '....' - lw         $t4, 8($a3)
0x088B612C: 0x00EC2021 '! ..' - addu       $a0, $a3, $t4
0x088B6130: 0x0104582B '+X..' - sltu       $t3, $t0, $a0
0x088B6134: 0x5160FFF4 '..`Q' - beqzl      $t3, 0x088B6108
0x088B6138: 0x2409FFFE '...$' - li         $t1, -2
0x088B613C: 0x01066821 '!h..' - addu       $t5, $t0, $a2
0x088B6140: 0x01A4302B '+0..' - sltu       $a2, $t5, $a0
0x088B6144: 0x54C00003 '...T' - bnezl      $a2, 0x088B6154
0x088B6148: 0x8CAEFFF8 '....' - lw         $t6, -8($a1)
0x088B614C: 0x0A22D842 'B.".' - j          0x088B6108
0x088B6150: 0x2409FFFE '...$' - li         $t1, -2
0x088B6154: 0x15C7FFEC '....' - bne        $t6, $a3, 0x088B6108
0x088B6158: 0x2409FFFF '...$' - li         $t1, -1
0x088B615C: 0x8D060004 '....' - lw         $a2, 4($t0)
0x088B6160: 0x10CAFFE9 '....' - beq        $a2, $t2, 0x088B6108
0x088B6164: 0x00004821 '!H..' - move       $t1, $zr
0x088B6168: 0x8CE50014 '....' - lw         $a1, 20($a3)
0x088B616C: 0x00A8782B '+x..' - sltu       $t7, $a1, $t0
0x088B6170: 0x55E00079 'y..U' - bnezl      $t7, 0x088B6358

Code:

host0:/> bpset 0x088B5E54
host0:/> host0:/> Loading all modules ... Ready
Exception - Address load/inst fetch
Thread ID - 
Th Name   - 
Module ID - 
Mod Name  - 
EPC       - 0x088B5EB8
Cause     - 0x10000010
BadVAddr  - 0x61616159
Status    - 0x60088613
zr:0x00000000 at:0x09FFFB00 v0:0x089AE05F v1:0xFFFFFFFF
a0:0x089AE060 a1:0x61616161 a2:0x61616159 a3:0x089AE05F
t0:0x00000001 t1:0x040CF115 t2:0x00000000 t3:0x00000000
t4:0x01010101 t5:0x0004A871 t6:0x09C01EE8 t7:0x088B54A8
s0:0x089AE058 s1:0x089AE000 s2:0x089AE060 s3:0x61616161
s4:0x089AE058 s5:0x089AE038 s6:0x00000001 s7:0x61616161
t8:0x0002EB80 t9:0x00005D70 k0:0x09FFFB00 k1:0x00000000
gp:0x00000000 SP:0x09FFF170 fp:0x09C01EE0 ra:0x088B54D4
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)
bpdel 0x088B5E54
host0:/> hwprint
<HW Debug Registers>
DRCNTL: 0x0043C104
IBC   : 0x00000010
DBC   : 0x00000010
IBA   : 0x00000000
IBAM  : 0x00000000
DBA   : 0x00000000
DBAM  : 0x00000000
DBD   : 0x00000000
DBDM  : 0x00000000
host0:/> step
host0:/> Exception - Address load/inst fetch
Thread ID - 
Th Name   - 
Module ID - 
Mod Name  - 
EPC       - 0x088B5EB8
Cause     - 0x10000010
BadVAddr  - 0x61616159
Status    - 0x60088613
zr:0x00000000 at:0x09FFFB00 v0:0x089AE05F v1:0xFFFFFFFF
a0:0x089AE060 a1:0x61616161 a2:0x61616159 a3:0x089AE05F
t0:0x00000001 t1:0x040CF115 t2:0x00000000 t3:0x00000000
t4:0x01010101 t5:0x0004A871 t6:0x09C01EE8 t7:0x088B54A8
s0:0x089AE058 s1:0x089AE000 s2:0x089AE060 s3:0x61616161
s4:0x089AE058 s5:0x089AE038 s6:0x00000001 s7:0x61616161
t8:0x0002EB80 t9:0x00005D70 k0:0x09FFFB00 k1:0x00000000
gp:0x00000000 sp:0x09FFF170 fp:0x09C01EE0 ra:0x088B54D4
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)
hwprint
<HW Debug Registers>
DRCNTL: 0x0043C104
IBC   : 0x00000010
DBC   : 0x00000010
IBA   : 0x00000000
IBAM  : 0x00000000
DBA   : 0x00000000
DBAM  : 0x00000000
DBD   : 0x00000000
DBDM  : 0x00000000
stavrosomo
Posts: 109
Joined: Sun May 29, 2011 10:36 am

Re: Crash

Post by stavrosomo »

Found another crash using another game. Have a look below.

Code:

host0:/> host0:/> Loading all modules ... Ready
Exception - FPU Exception (IUV)
Thread ID - 
Th Name   - 
Module ID - 
Mod Name  - 
EPC       - 0x0881FAA4
Cause     - 0x1000003C
BadVAddr  - 0x5F006814
Status    - 0x60088613
zr:0x00000000 at:0xDEADBEEF v0:0x0901E6E0 v1:0x0000008C
a0:0x00000000 a1:0xFFFFFFFC a2:0x00000000 a3:0xFFFFFFFB
t0:0x42C80000 t1:0x00000000 t2:0x09FFF2D8 t3:0xFFFFFFFF
t4:0x00000003 t5:0x09FFF2DC t6:0x0000000B t7:0x0000000A
s0:0x09AC0000 s1:0x00000001 s2:0x09AB9280 s3:0x08840000
s4:0x00000000 s5:0xFFFFFFFC s6:0x09AC0000 s7:0x08840000
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FFFB00 k1:0x00000000
gp:0x00000000 sp:0x09FFF440 fp:0x08840000 ra:0x0881FFB0
0x0881FAA4: 0x46006B4D 'Mk.F' - trunc.w.s  $fpr13, $fpr13
host0:/> disasm 0x0881FAA4 100
0x0881FAA4: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FAA8: 0x0E207ED1 '.~ .' - jal        0x0881FB44
0x0881FAAC: 0x00000000 '....' - nop
0x0881FAB0: 0x2405FFFF '...$' - li         $a1, -1
0x0881FAB4: 0x10510003 '..Q.' - beq        $v0, $s1, 0x0881FAC4
0x0881FAB8: 0x03B02021 '! ..' - addu       $a0, $sp, $s0
0x0881FABC: 0x0A207EA2 '.~ .' - j          0x0881FA88
0x0881FAC0: 0xA0800000 '....' - sb         $zr, 0($a0)
0x0881FAC4: 0x8FBF0054 'T...' - lw         $ra, 84($sp)
0x0881FAC8: 0x8FB40050 'P...' - lw         $s4, 80($sp)
0x0881FACC: 0x8FB3004C 'L...' - lw         $s3, 76($sp)
0x0881FAD0: 0x8FB20048 'H...' - lw         $s2, 72($sp)
0x0881FAD4: 0x8FB10044 'D...' - lw         $s1, 68($sp)
0x0881FAD8: 0x8FB00040 '@...' - lw         $s0, 64($sp)
0x0881FADC: 0x00A01021 '!...' - move       $v0, $a1
0x0881FAE0: 0x03E00008 '....' - jr         $ra
0x0881FAE4: 0x27BD0060 '`..'' - addiu      $sp, $sp, 96
0x0881FAE8: 0x268576AC '.v.&' - addiu      $a1, $s4, 30380
0x0881FAEC: 0x0E204B92 '.K .' - jal        0x08812E48
0x0881FAF0: 0x02602021 '! `.' - move       $a0, $s3
0x0881FAF4: 0x03B31021 '!...' - addu       $v0, $sp, $s3
0x0881FAF8: 0xA0400000 '..@.' - sb         $zr, 0($v0)
0x0881FAFC: 0x03A02021 '! ..' - move       $a0, $sp
0x0881FB00: 0x0E207F0E '.. .' - jal        0x0881FC38
0x0881FB04: 0x24050001 '...$' - li         $a1, 1
0x0881FB08: 0x14400006 '..@.' - bnez       $v0, 0x0881FB24
0x0881FB0C: 0x00402821 '!(@.' - move       $a1, $v0
0x0881FB10: 0x1640FFEC '..@.' - bnez       $s2, 0x0881FAC4
0x0881FB14: 0x00002821 '!(..' - move       $a1, $zr
0x0881FB18: 0x24120001 '...$' - li         $s2, 1
0x0881FB1C: 0x0A207E94 '.~ .' - j          0x0881FA50
0x0881FB20: 0x02608021 '!.`.' - move       $s0, $s3
0x0881FB24: 0x02402021 '! @.' - move       $a0, $s2
0x0881FB28: 0x0E207ED1 '.~ .' - jal        0x0881FB44
0x0881FB2C: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FB30: 0x2403FFFF '...$' - li         $v1, -1
0x0881FB34: 0x1443FFF6 '..C.' - bne        $v0, $v1, 0x0881FB10
0x0881FB38: 0x2405FFFF '...$' - li         $a1, -1
0x0881FB3C: 0x0A207EB2 '.~ .' - j          0x0881FAC8
0x0881FB40: 0x8FBF0054 'T...' - lw         $ra, 84($sp)
0x0881FB44: 0x27BDFFA0 '...'' - addiu      $sp, $sp, -96
0x0881FB48: 0x3C02089D '...<' - lui        $v0, 0x89D
0x0881FB4C: 0xAFB40050 'P...' - sw         $s4, 80($sp)
0x0881FB50: 0x24543958 'X9T$' - addiu      $s4, $v0, 14680
0x0881FB54: 0x268224E2 '.$.&' - addiu      $v0, $s4, 9442
0x0881FB58: 0xAFB3004C 'L...' - sw         $s3, 76($sp)
0x0881FB5C: 0x92932F32 '2/..' - lbu        $s3, 12082($s4)
0x0881FB60: 0xAFB50054 'T...' - sw         $s5, 84($sp)
0x0881FB64: 0x7C05AE20 ' ..|' - seh        $s5, $a1
0x0881FB68: 0x00402821 '!(@.' - move       $a1, $v0
0x0881FB6C: 0xAFB10044 'D...' - sw         $s1, 68($sp)
0x0881FB70: 0x00C08821 '!...' - move       $s1, $a2
0x0881FB74: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FB78: 0xAFB00040 '@...' - sw         $s0, 64($sp)
0x0881FB7C: 0x7C048620 ' ..|' - seh        $s0, $a0
0x0881FB80: 0x02602021 '! `.' - move       $a0, $s3
0x0881FB84: 0xAFBF0058 'X...' - sw         $ra, 88($sp)
0x0881FB88: 0x0E204B92 '.K .' - jal        0x08812E48
0x0881FB8C: 0xAFB20048 'H...' - sw         $s2, 72($sp)
0x0881FB90: 0x03B31021 '!...' - addu       $v0, $sp, $s3
0x0881FB94: 0xA0400000 '..@.' - sb         $zr, 0($v0)
0x0881FB98: 0x26924138 '8A.&' - addiu      $s2, $s4, 16696
0x0881FB9C: 0x02002021 '! ..' - move       $a0, $s0
0x0881FBA0: 0x02202821 '!( .' - move       $a1, $s1
0x0881FBA4: 0x02A03021 '!0..' - move       $a2, $s5
0x0881FBA8: 0x0E204D2F '/M .' - jal        0x088134BC
0x0881FBAC: 0x02403821 '!8@.' - move       $a3, $s2
0x0881FBB0: 0x7C021E20 ' ..|' - seh        $v1, $v0
0x0881FBB4: 0x00741821 '!.t.' - addu       $v1, $v1, $s4
0x0881FBB8: 0xA0604138 '8A`.' - sb         $zr, 16696($v1)
0x0881FBBC: 0x02402821 '!(@.' - move       $a1, $s2
0x0881FBC0: 0x03A02021 '! ..' - move       $a0, $sp
0x0881FBC4: 0x0E204BBA '.K .' - jal        0x08812EE8
0x0881FBC8: 0xA682417C '|A..' - sh         $v0, 16764($s4)
0x0881FBCC: 0x00002021 '! ..' - move       $a0, $zr
0x0881FBD0: 0x10400008 '..@.' - beqz       $v0, 0x0881FBF4
0x0881FBD4: 0x02A02821 '!(..' - move       $a1, $s5
0x0881FBD8: 0x24020800 '...$' - li         $v0, 2048
0x0881FBDC: 0x0E207FB1 '.. .' - jal        0x0881FEC4
0x0881FBE0: 0xA6824176 'vA..' - sh         $v0, 16758($s4)
0x0881FBE4: 0x24030001 '...$' - li         $v1, 1
0x0881FBE8: 0x1043000C '..C.' - beq        $v0, $v1, 0x0881FC1C
0x0881FBEC: 0x02A02021 '! ..' - move       $a0, $s5
0x0881FBF0: 0x00002021 '! ..' - move       $a0, $zr
0x0881FBF4: 0x8FBF0058 'X...' - lw         $ra, 88($sp)
0x0881FBF8: 0x8FB50054 'T...' - lw         $s5, 84($sp)
0x0881FBFC: 0x8FB40050 'P...' - lw         $s4, 80($sp)
0x0881FC00: 0x8FB3004C 'L...' - lw         $s3, 76($sp)
0x0881FC04: 0x8FB20048 'H...' - lw         $s2, 72($sp)
0x0881FC08: 0x8FB10044 'D...' - lw         $s1, 68($sp)
0x0881FC0C: 0x8FB00040 '@...' - lw         $s0, 64($sp)
0x0881FC10: 0x00801021 '!...' - move       $v0, $a0
0x0881FC14: 0x03E00008 '....' - jr         $ra
0x0881FC18: 0x27BD0060 '`..'' - addiu      $sp, $sp, 96
0x0881FC1C: 0x0E208056 'V. .' - jal        0x08820158
0x0881FC20: 0x00000000 '....' - nop
0x0881FC24: 0x2403FFFF '...$' - li         $v1, -1
0x0881FC28: 0x1443FFF1 '..C.' - bne        $v0, $v1, 0x0881FBF0
0x0881FC2C: 0x2404FFFF '...$' - li         $a0, -1
0x0881FC30: 0x0A207EFE '.~ .' - j          0x0881FBF8

host0:/> disasm 0x0881FAA4-100 100
0x0881FA40: 0xAFB3004C 'L...' - sw         $s3, 76($sp)
0x0881FA44: 0x02009821 '!...' - move       $s3, $s0
0x0881FA48: 0xAFB20048 'H...' - sw         $s2, 72($sp)
0x0881FA4C: 0x00009021 '!...' - move       $s2, $zr
0x0881FA50: 0x268576AC '.v.&' - addiu      $a1, $s4, 30380
0x0881FA54: 0x02002021 '! ..' - move       $a0, $s0
0x0881FA58: 0x0E204B92 '.K .' - jal        0x08812E48
0x0881FA5C: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FA60: 0x03B01021 '!...' - addu       $v0, $sp, $s0
0x0881FA64: 0xA0400000 '..@.' - sb         $zr, 0($v0)
0x0881FA68: 0x02002821 '!(..' - move       $a1, $s0
0x0881FA6C: 0x02402021 '! @.' - move       $a0, $s2
0x0881FA70: 0x0E207ED1 '.~ .' - jal        0x0881FB44
0x0881FA74: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FA78: 0x2403FFFF '...$' - li         $v1, -1
0x0881FA7C: 0x2405FFFF '...$' - li         $a1, -1
0x0881FA80: 0x10430010 '..C.' - beq        $v0, $v1, 0x0881FAC4
0x0881FA84: 0x2411FFFF '...$' - li         $s1, -1
0x0881FA88: 0x03A02021 '! ..' - move       $a0, $sp
0x0881FA8C: 0x0E207F0E '.. .' - jal        0x0881FC38
0x0881FA90: 0x00002821 '!(..' - move       $a1, $zr
0x0881FA94: 0x00408021 '!.@.' - move       $s0, $v0
0x0881FA98: 0x00402821 '!(@.' - move       $a1, $v0
0x0881FA9C: 0x02402021 '! @.' - move       $a0, $s2
0x0881FAA0: 0x10400011 '..@.' - beqz       $v0, 0x0881FAE8
0x0881FAA4: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FAA8: 0x0E207ED1 '.~ .' - jal        0x0881FB44
0x0881FAAC: 0x00000000 '....' - nop
0x0881FAB0: 0x2405FFFF '...$' - li         $a1, -1
0x0881FAB4: 0x10510003 '..Q.' - beq        $v0, $s1, 0x0881FAC4
0x0881FAB8: 0x03B02021 '! ..' - addu       $a0, $sp, $s0
0x0881FABC: 0x0A207EA2 '.~ .' - j          0x0881FA88
0x0881FAC0: 0xA0800000 '....' - sb         $zr, 0($a0)
0x0881FAC4: 0x8FBF0054 'T...' - lw         $ra, 84($sp)
0x0881FAC8: 0x8FB40050 'P...' - lw         $s4, 80($sp)
0x0881FACC: 0x8FB3004C 'L...' - lw         $s3, 76($sp)
0x0881FAD0: 0x8FB20048 'H...' - lw         $s2, 72($sp)
0x0881FAD4: 0x8FB10044 'D...' - lw         $s1, 68($sp)
0x0881FAD8: 0x8FB00040 '@...' - lw         $s0, 64($sp)
0x0881FADC: 0x00A01021 '!...' - move       $v0, $a1
0x0881FAE0: 0x03E00008 '....' - jr         $ra
0x0881FAE4: 0x27BD0060 '`..'' - addiu      $sp, $sp, 96
0x0881FAE8: 0x268576AC '.v.&' - addiu      $a1, $s4, 30380
0x0881FAEC: 0x0E204B92 '.K .' - jal        0x08812E48
0x0881FAF0: 0x02602021 '! `.' - move       $a0, $s3
0x0881FAF4: 0x03B31021 '!...' - addu       $v0, $sp, $s3
0x0881FAF8: 0xA0400000 '..@.' - sb         $zr, 0($v0)
0x0881FAFC: 0x03A02021 '! ..' - move       $a0, $sp
0x0881FB00: 0x0E207F0E '.. .' - jal        0x0881FC38
0x0881FB04: 0x24050001 '...$' - li         $a1, 1
0x0881FB08: 0x14400006 '..@.' - bnez       $v0, 0x0881FB24
0x0881FB0C: 0x00402821 '!(@.' - move       $a1, $v0
0x0881FB10: 0x1640FFEC '..@.' - bnez       $s2, 0x0881FAC4
0x0881FB14: 0x00002821 '!(..' - move       $a1, $zr
0x0881FB18: 0x24120001 '...$' - li         $s2, 1
0x0881FB1C: 0x0A207E94 '.~ .' - j          0x0881FA50
0x0881FB20: 0x02608021 '!.`.' - move       $s0, $s3
0x0881FB24: 0x02402021 '! @.' - move       $a0, $s2
0x0881FB28: 0x0E207ED1 '.~ .' - jal        0x0881FB44
0x0881FB2C: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FB30: 0x2403FFFF '...$' - li         $v1, -1
0x0881FB34: 0x1443FFF6 '..C.' - bne        $v0, $v1, 0x0881FB10
0x0881FB38: 0x2405FFFF '...$' - li         $a1, -1
0x0881FB3C: 0x0A207EB2 '.~ .' - j          0x0881FAC8
0x0881FB40: 0x8FBF0054 'T...' - lw         $ra, 84($sp)
0x0881FB44: 0x27BDFFA0 '...'' - addiu      $sp, $sp, -96
0x0881FB48: 0x3C02089D '...<' - lui        $v0, 0x89D
0x0881FB4C: 0xAFB40050 'P...' - sw         $s4, 80($sp)
0x0881FB50: 0x24543958 'X9T$' - addiu      $s4, $v0, 14680
0x0881FB54: 0x268224E2 '.$.&' - addiu      $v0, $s4, 9442
0x0881FB58: 0xAFB3004C 'L...' - sw         $s3, 76($sp)
0x0881FB5C: 0x92932F32 '2/..' - lbu        $s3, 12082($s4)
0x0881FB60: 0xAFB50054 'T...' - sw         $s5, 84($sp)
0x0881FB64: 0x7C05AE20 ' ..|' - seh        $s5, $a1
0x0881FB68: 0x00402821 '!(@.' - move       $a1, $v0
0x0881FB6C: 0xAFB10044 'D...' - sw         $s1, 68($sp)
0x0881FB70: 0x00C08821 '!...' - move       $s1, $a2
0x0881FB74: 0x03A03021 '!0..' - move       $a2, $sp
0x0881FB78: 0xAFB00040 '@...' - sw         $s0, 64($sp)
0x0881FB7C: 0x7C048620 ' ..|' - seh        $s0, $a0
0x0881FB80: 0x02602021 '! `.' - move       $a0, $s3
0x0881FB84: 0xAFBF0058 'X...' - sw         $ra, 88($sp)
0x0881FB88: 0x0E204B92 '.K .' - jal        0x08812E48
0x0881FB8C: 0xAFB20048 'H...' - sw         $s2, 72($sp)
0x0881FB90: 0x03B31021 '!...' - addu       $v0, $sp, $s3
0x0881FB94: 0xA0400000 '..@.' - sb         $zr, 0($v0)
0x0881FB98: 0x26924138 '8A.&' - addiu      $s2, $s4, 16696
0x0881FB9C: 0x02002021 '! ..' - move       $a0, $s0
0x0881FBA0: 0x02202821 '!( .' - move       $a1, $s1
0x0881FBA4: 0x02A03021 '!0..' - move       $a2, $s5
0x0881FBA8: 0x0E204D2F '/M .' - jal        0x088134BC
0x0881FBAC: 0x02403821 '!8@.' - move       $a3, $s2
0x0881FBB0: 0x7C021E20 ' ..|' - seh        $v1, $v0
0x0881FBB4: 0x00741821 '!.t.' - addu       $v1, $v1, $s4
0x0881FBB8: 0xA0604138 '8A`.' - sb         $zr, 16696($v1)
0x0881FBBC: 0x02402821 '!(@.' - move       $a1, $s2
0x0881FBC0: 0x03A02021 '! ..' - move       $a0, $sp
0x0881FBC4: 0x0E204BBA '.K .' - jal        0x08812EE8
0x0881FBC8: 0xA682417C '|A..' - sh         $v0, 16764($s4)
0x0881FBCC: 0x00002021 '! ..' - move       $a0, $zr
stavrosomo
Posts: 109
Joined: Sun May 29, 2011 10:36 am

Re: Crash

Post by stavrosomo »

Can anybody tell me if the crashes I posted in my last two posts are useful? Is it that hard to tell? I was waiting so long. At least tell me so I know not to post again in this forum...... :cry:
noname120
Developer
Posts: 777
Joined: Thu Oct 07, 2010 4:29 pm

Re: Crash

Post by noname120 »

Your last one is useless.
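A crash-triage helper, added here as an example and not taken from the thread or from any tool it mentions: it parses a psplink-style exception dump, decodes the MIPS Cause.ExcCode, marks registers that hold the 0x61 ('a') fill byte seen in the first dump, and checks whether the faulting load or store goes through such a register, which is the difference between the two dumps posted above. The two sample dumps are constructed from values in this thread, trimmed to the lines the parser needs.

```python
import re

# Constructed sample: trimmed copy of the first dump in this thread
# (address error on a load whose base register holds the 0x61 fill pattern).
SAMPLE_ADEL = """\
Exception - Address load/inst fetch
EPC       - 0x088B5EB8
Cause     - 0x10000010
BadVAddr  - 0x61616159
zr:0x00000000 at:0x09FFFB00 v0:0x089AE05F v1:0xFFFFFFFF
a0:0x089AE060 a1:0x61616161 a2:0x61616159 a3:0x089AE05F
s0:0x089AE058 s1:0x089AE000 s2:0x089AE060 s3:0x61616161
s4:0x089AE058 s5:0x089AE038 s6:0x00000001 s7:0x61616161
gp:0x00000000 SP:0x09FFF170 fp:0x09C01EE0 ra:0x088B54D4
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)
"""
# Constructed sample: trimmed copy of the second dump (FPU exception).
SAMPLE_FPE = """\
Exception - FPU Exception (IUV)
EPC       - 0x0881FAA4
Cause     - 0x1000003C
BadVAddr  - 0x5F006814
a0:0x00000000 a1:0xFFFFFFFC a2:0x00000000 a3:0xFFFFFFFB
t8:0xDEADBEEF t9:0xDEADBEEF k0:0x09FFFB00 k1:0x00000000
0x0881FAA4: 0x46006B4D 'Mk.F' - trunc.w.s  $fpr13, $fpr13
"""

# MIPS Cause.ExcCode (bits 6:2) values that matter for triage.
EXC_NAMES = {4: "AdEL", 5: "AdES", 6: "IBE", 7: "DBE", 15: "FPE"}

FIELD_RE = re.compile(r"^(\w+)\s+-\s*(.*?)\s*$")
REG_RE = re.compile(r"\b(\w+):0x([0-9A-Fa-f]{8})")
INSN_RE = re.compile(r"^0x[0-9A-Fa-f]{8}: 0x[0-9A-Fa-f]{8} '.*' - (\S+)\s*(.*)$")
MEM_OPERAND_RE = re.compile(r"(-?\d+)\(\$(\w+)\)")


def parse_dump(text):
    """Split a psplink exception dump into header fields, registers and the faulting instruction."""
    fields, regs, insn = {}, {}, None
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:
            if insn is None:            # first instruction line is the one at EPC
                insn = (m.group(1), m.group(2).strip())
            continue
        if REG_RE.search(line):
            for name, val in REG_RE.findall(line):
                regs[name.lower()] = int(val, 16)   # dumps print both 'SP' and 'sp'
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields, regs, insn


def looks_tainted(value, fill=0x61):
    """True if a word is the repeated fill byte or within 0x100 of it (offset arithmetic on it)."""
    return abs(value - fill * 0x01010101) <= 0x100


def triage(text, fill=0x61):
    """Classify a dump: which registers carry the input pattern, and does the fault dereference one?"""
    fields, regs, insn = parse_dump(text)
    exccode = (int(fields.get("Cause", "0"), 16) >> 2) & 0x1F
    tainted = sorted(n for n, v in regs.items() if looks_tainted(v, fill))
    base, base_tainted = None, False
    if insn:
        m = MEM_OPERAND_RE.search(insn[1])
        if m:
            base = m.group(2)
            base_tainted = base in tainted
    if exccode in (4, 5, 6, 7) and base_tainted:
        verdict = "memory access through an input-controlled register: report as a memory-safety bug"
    elif exccode == 15:
        verdict = "FPU exception: no memory-safety signal, low interest"
    else:
        verdict = "fault without an input-controlled address: needs more context"
    return {"exccode": EXC_NAMES.get(exccode, str(exccode)), "badvaddr": fields.get("BadVAddr"),
            "tainted_regs": tainted, "fault_insn": insn, "base_reg": base,
            "base_tainted": base_tainted, "verdict": verdict}
```

Run `triage()` on a full dump pasted from psplink; the disasm listing that follows the register block is ignored because only the first instruction line (the one at EPC) is used.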
stavrosomo
Posts: 109
Joined: Sun May 29, 2011 10:36 am

Re: Crash

Post by stavrosomo »

Thank you for your answer. I will try and find more exploits!