{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# python-binexport: Quick Start\n", "\n", "## Introduction\n", "\n", "The sample used here was extracted from the firmware of an Edimax router (BR6478AC V2) and is known to be vulnerable to CVE-2023-49351.\n", "It can be downloaded below." ] }, { "cell_type": "raw", "metadata": {}, "source": [ "

binary.tar.gz

" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "It's a MIPS ELF executable that acts as an HTTP server. We are interested in finding all the functions that call a potentially unsafe primitive function (like `strcpy`).\n", "\n", "Let's use python-binexport to list them." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## I. Loading the program\n", "\n", "If the program has not yet been exported with BinExport, it can be exported and loaded with:" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "from binexport import ProgramBinExport\n", "\n", "program = ProgramBinExport.from_binary_file(\"./webs\")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Otherwise, the existing export can be loaded directly with:" ] }, { "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [], "source": [ "from binexport import ProgramBinExport\n", "\n", "program = ProgramBinExport(\"./webs.BinExport\")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## II. Listing interesting functions\n", "\n", "We are interested in listing all the functions that call a potentially unsafe function such as `strcpy`.\n", "This can be achieved by using the [FunctionBinExport.parents](https://diffing.quarkslab.com/exporter/binexport.html#binexport.function.FunctionBinExport.parents) API." 
] }, { "cell_type": "raw", "metadata": {}, "source": [ "" ] }, { "cell_type": "code", "execution_count": 3, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "formiNICWdsEncrypt\n", "dhcpClientList\n", "CharFilter4\n", "formWpsStart\n", "formQoS\n", "wlSiteSurveyTbl\n", "getInfo\n", "formWIRESch\n", "get_dir\n", "formiNICSiteSurvey\n", "formiNICWpsStart\n", "wliNICSiteSurveyonlyTbl\n", "websFormDefine\n", "formFilter\n", "getiNICIndex\n", "formiNICbasic\n", "formVPNuser\n", "wlSurveyOnlyTbl\n", "formiNICEncrypt\n", "formEZQoS\n", "formTriggerPort\n", "websAspDefine\n", "formWlAc\n", "CharFilter2\n", "formWlSiteSurvey\n", "formWdsEncrypt\n", "WIRESchList\n", "ACPCList\n", "USBFolderSelect\n", "formPortFw\n", "sub_434E40\n", "wliNICSiteSurveyTbl\n", "wispSiteSurveyTbl5G\n", "CharFilter3\n", "formDNSProxyrules\n", "formUSBAccount\n", "CharFilter5\n", "getIndex\n", "CharFilter0\n", "formWlEncrypt\n", "formWlbasic\n", "formiNICAc\n", "CharFilter6\n", "setWAN\n", "getiNICInfo\n", "wispSiteSurveyTbl\n", "getInAddr\n", "apmib_set\n", "getWlSiteSurveyRequest\n", "formSaveText\n", "formUSBFolder\n", "apmib_get\n", "formVirtualSv\n" ] } ], "source": [ "# Get the vulnerable function\n", "strcpy = program.fun_names[\"strcpy\"]\n", "\n", "targets = strcpy.parents\n", "print(\"\\n\".join(map(lambda f: f.name, targets)))" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## III. Find interesting paths in the CG\n", "\n", "Now what if we wanted to show the path in the CG (Call Graph) that leads to the execution of one of those functions from `main`?" 
] }, { "cell_type": "raw", "metadata": { "vscode": { "languageId": "html" } }, "source": [ "" ] }, { "cell_type": "code", "execution_count": 4, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "main > websAspInit > formsDefine > formiNICWdsEncrypt > strcpy\n", "main > websAspInit > formsDefine > dhcpClientList > strcpy\n", "main > websAspInit > formsDefine > virtualSvList > CharFilter4 > strcpy\n", "main > websAspInit > formsDefine > wlAcList > CharFilter4 > strcpy\n", "main > websAspInit > formsDefine > portFwList > CharFilter4 > strcpy\n", "main > websAspInit > formsDefine > wliNICAcList > CharFilter4 > strcpy\n", "main > websAspInit > formsDefine > macFilterList > CharFilter4 > strcpy\n", "main > websAspInit > formsDefine > ACPCList > CharFilter4 > strcpy\n", "main > websAspInit > formsDefine > triggerPortList > CharFilter4 > strcpy\n", "main > websAspInit > formsDefine > formWpsStart > strcpy\n", "main > websAspInit > formsDefine > formQoS > strcpy\n", "main > websAspInit > formsDefine > wlSiteSurveyTbl > strcpy\n", "main > websAspInit > formsDefine > getInfo > strcpy\n", "main > websAspInit > formsDefine > formWIRESch > strcpy\n", "main > loop > process_requests > read_header > process_header_end > init_get > get_dir > strcpy\n", "main > loop > process_requests > read_header > process_header_end > init_get2 > get_dir > strcpy\n", "main > websAspInit > formsDefine > formiNICSiteSurvey > strcpy\n", "main > websAspInit > formsDefine > formiNICWpsStart > strcpy\n", "main > websAspInit > formsDefine > wliNICSiteSurveyonlyTbl > strcpy\n", "main > websAspInit > formsDefine > websFormDefine > strcpy\n", "main > websAspInit > formsDefine > formFilter > strcpy\n", "main > websAspInit > getiNICVar > getiNICIndex > strcpy\n", "main > websAspInit > formsDefine > getiNICIndex > strcpy\n", "main > websAspInit > formsDefine > formiNICbasic > strcpy\n", "main > websAspInit > formsDefine > formVPNuser > strcpy\n", "main > websAspInit > 
formsDefine > wlSurveyOnlyTbl > strcpy\n", "main > websAspInit > formsDefine > formiNICEncrypt > strcpy\n", "main > websAspInit > formsDefine > formEZQoS > strcpy\n", "main > websAspInit > formsDefine > formTriggerPort > strcpy\n", "main > websAspInit > websAspDefine > strcpy\n", "main > websAspInit > formsDefine > websAspDefine > strcpy\n", "main > websAspInit > formsDefine > formWlAc > strcpy\n", "main > websAspInit > formsDefine > getiNICInfo > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > wispSiteSurveyTbl5G > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > formWlSiteSurvey > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > wispSiteSurveyTbl > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > wlSurveyOnlyTbl > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > wlSiteSurveyTbl > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > getInfo > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > formiNICSiteSurvey > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > wliNICSiteSurveyonlyTbl > CharFilter2 > strcpy\n", "main > websAspInit > formsDefine > formWlSiteSurvey > strcpy\n", "main > websAspInit > formsDefine > formWdsEncrypt > strcpy\n", "main > websAspInit > formsDefine > WIRESchList > strcpy\n", "main > websAspInit > formsDefine > ACPCList > strcpy\n", "main > websAspInit > formsDefine > USBFolderSelect > strcpy\n", "main > websAspInit > formsDefine > formPortFw > strcpy\n", "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > strcpy\n", "main > websAspInit > formsDefine > wispSiteSurveyTbl5G > strcpy\n", "main > websAspInit > formsDefine > formFilter > CharFilter3 > strcpy\n", "main > websAspInit > formsDefine > formiNICAc > CharFilter3 > strcpy\n", "main > websAspInit > formsDefine > formTriggerPort > CharFilter3 > strcpy\n", "main > websAspInit > formsDefine > formWlAc > CharFilter3 
> strcpy\n", "main > websAspInit > formsDefine > formVirtualSv > CharFilter3 > strcpy\n", "main > websAspInit > formsDefine > formPortFw > CharFilter3 > strcpy\n", "main > websAspInit > formsDefine > formDNSProxyrules > strcpy\n", "main > websAspInit > formsDefine > formUSBAccount > strcpy\n", "main > websAspInit > formsDefine > getInfo > CharFilter5 > strcpy\n", "main > websAspInit > formsDefine > getiNICInfo > CharFilter5 > strcpy\n", "main > websAspInit > formsDefine > getIndex > strcpy\n", "main > websAspInit > getVar > getIndex > strcpy\n", "main > websAspInit > formsDefine > formWlbasic > CharFilter0 > strcpy\n", "main > websAspInit > formsDefine > formWlEncrypt > strcpy\n", "main > websAspInit > formsDefine > formWlbasic > strcpy\n", "main > websAspInit > formsDefine > formiNICAc > strcpy\n", "main > websAspInit > formsDefine > getInfo > CharFilter6 > strcpy\n", "main > websAspInit > formsDefine > getiNICInfo > CharFilter6 > strcpy\n", "main > websAspInit > formsDefine > setWAN > strcpy\n", "main > websAspInit > formsDefine > getiNICInfo > strcpy\n", "main > websAspInit > formsDefine > wispSiteSurveyTbl > strcpy\n", "main > websAspInit > formsDefine > getiNICInfo > getInAddr > strcpy\n", "main > websAspInit > formsDefine > getIndex > isDhcpClientExist > getInAddr > strcpy\n", "main > websAspInit > getVar > getIndex > isDhcpClientExist > getInAddr > strcpy\n", "main > websAspInit > getiNICVar > getiNICIndex > isDhcpClientExist > getInAddr > strcpy\n", "main > websAspInit > formsDefine > getiNICIndex > isDhcpClientExist > getInAddr > strcpy\n", "main > websAspInit > formsDefine > getiNICInfo > isDhcpClientExist > getInAddr > strcpy\n", "main > websAspInit > formsDefine > getInfo > isDhcpClientExist > getInAddr > strcpy\n", "main > websAspInit > formsDefine > formFilter > getInAddr > strcpy\n", "main > websAspInit > formsDefine > formrefresh > getInAddr > strcpy\n", "main > websAspInit > formsDefine > formQoS > getInAddr > strcpy\n", "main > websAspInit > 
formsDefine > formTcpipSetup > getInAddr > strcpy\n", "main > websAspInit > formsDefine > getInfo > getInAddr > strcpy\n", "main > websAspInit > formsDefine > formVirtualSv > getInAddr > strcpy\n", "main > websAspInit > formsDefine > formPortFw > getInAddr > strcpy\n", "main > websAspInit > formsDefine > formTELBPSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > wiz_5in1_redirect > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formAdvanceSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICWdsEncrypt > apmib_set > strcpy\n", "main > websAspInit > formsDefine > saveAndReboot > apmib_set > strcpy\n", "main > websAspInit > formsDefine > chkLink > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formOpMode > opModeHandler > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formEZQoSMode > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICWpsStart > apmib_set > strcpy\n", "main > websAspInit > formsDefine > setWifi > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICbasic > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formVPNuser > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formUSBmanage > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formTriggerPort > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formPSSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formPortFw > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formStcIpSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formALGSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICEnableSwitch > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWpsEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formMultipleSSID > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formDynIpSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formUSBdevice > 
apmib_set > strcpy\n", "main > websAspInit > formsDefine > getInfo > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formNatEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWIRESch > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formHWNATSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formEZQoS > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formTcpipSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formReManagementSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formPasswordSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formUPNPSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWlbasic > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formStaDrvSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formSaveText > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formTimeZoneSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formAdvManagement > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICAdvanceSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formVirtualSv > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formQoS > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICSiteSurvey > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formFwEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWlanSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formPPPoESetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWifiEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formPPTPSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formUrlb > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formDDNSSetup > apmib_set > strcpy\n", "main > 
websAspInit > formsDefine > formWlSiteSurvey > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWdsEncrypt > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICWpsEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formDNSProxyrules > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formLicence > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWlEnableSwitch > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formIgmpEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWlEncrypt > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formPOWERSch > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formSDHCP > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formPreventionSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWanTcpipSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWlEnable > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formVPNsetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formFilter > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICEncrypt > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formWlAc > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICMultipleSSID > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formUSBAccount > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formAPModeSwitch > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formiNICAc > apmib_set > strcpy\n", "main > websAspInit > formsDefine > setWAN > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formL2TPSetup > apmib_set > strcpy\n", "main > websAspInit > formsDefine > formUSBFolder > apmib_set > strcpy\n", "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > 
formsDefine > wispSiteSurveyTbl5G > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > formsDefine > formWlSiteSurvey > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > formsDefine > wispSiteSurveyTbl > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > formsDefine > wlSurveyOnlyTbl > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > formsDefine > wlSiteSurveyTbl > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > formsDefine > formiNICSiteSurvey > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > formsDefine > wliNICSiteSurveyonlyTbl > getWlSiteSurveyRequest > strcpy\n", "main > websAspInit > formsDefine > formSaveText > strcpy\n", "main > websAspInit > formsDefine > formUSBFolder > strcpy\n", "main > websAspInit > formsDefine > formAdvanceSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formiNICWdsEncrypt > apmib_get > strcpy\n", "main > websAspInit > formsDefine > saveAndReboot > apmib_get > strcpy\n", "main > websAspInit > formsDefine > wlSiteSurveyTbl > apmib_get > strcpy\n", "main > websAspInit > formsDefine > chkLink > apmib_get > strcpy\n", "main > websAspInit > formsDefine > setWifi > apmib_get > strcpy\n", "main > websAspInit > formsDefine > StcRoutList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formUSBmanage > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formiNICbasic > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formVPNuser > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formTriggerPort > apmib_get > strcpy\n", "main > websAspInit > formsDefine > DNSPROXYURLList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > WIRESchList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formPortFw > apmib_get > strcpy\n", "main > websAspInit > formsDefine > FolderShow > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formStcIpSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formALGSetup > 
apmib_get > strcpy\n", "main > loop > process_requests > read_header > process_header_end > auth_authorize > apmib_get > strcpy\n", "main > websAspInit > apmib_init > apmib_get > strcpy\n", "main > resetWebs > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formSaveConfigSec > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > getiNICVar > getiNICIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > getiNICIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWpsStart > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formSaveConfig > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formwizResetDefault > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > getIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > getVar > getIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formiNICWpsStart > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formResetDefault > apmib_reinit > apmib_init > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWpsEnable > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formUSBdevice > apmib_get > strcpy\n", "main > websAspInit > formsDefine > URLBList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > getInfo > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWIRESch > apmib_get > strcpy\n", "main > websAspInit > formsDefine > Wan1QosList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > macFilterList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > USBDevAccount > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formHWNATSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formEZQoS > 
apmib_get > strcpy\n", "main > websAspInit > formsDefine > formTcpipSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formReManagementSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formApply > apmib_get > strcpy\n", "main > websAspInit > formsDefine > ACPCList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formiNICSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formPasswordSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formUPNPSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWlbasic > apmib_get > strcpy\n", "main > websAspInit > formsDefine > OpenVpnAccountList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > POWERSchList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formStaDrvSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formSaveText > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formTimeZoneSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formiNICAdvanceSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formVirtualSv > apmib_get > strcpy\n", "main > websAspInit > formsDefine > triggerPortList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > USBDevFolder > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formQoS > apmib_get > strcpy\n", "main > loop > process_requests > read_header > process_header_end > auth_authorize > auth_check_userpass2 > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formFwEnable > apmib_get > strcpy\n", "main > websAspInit > formsDefine > portFwList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > EZQosList > apmib_get > strcpy\n", "main > websAspInit > getiNICVar > getiNICIndex > apmib_get > strcpy\n", "main > websAspInit > formsDefine > getiNICIndex > apmib_get > strcpy\n", "main > websAspInit > formsDefine > 
wliNICAcList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formPPTPSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formUrlb > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formDDNSSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWdsEncrypt > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formDNSProxyrules > apmib_get > strcpy\n", "main > websAspInit > formsDefine > virtualSvList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formIgmpEnable > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWlEncrypt > apmib_get > strcpy\n", "main > websAspInit > formsDefine > AccountShow > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formPOWERSch > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formSDHCP > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formPreventionSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > SDHCPList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWanTcpipSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > wlAcList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formFilter > apmib_get > strcpy\n", "main > websAspInit > formsDefine > DMZList > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formiNICEncrypt > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formWlAc > apmib_get > strcpy\n", "main > websAspInit > formsDefine > QosShow > apmib_get > strcpy\n", "main > websAspInit > formsDefine > showWebsPasswd > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formUSBAccount > apmib_get > strcpy\n", "main > websAspInit > formsDefine > getIndex > apmib_get > strcpy\n", "main > websAspInit > getVar > getIndex > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formAPModeSwitch > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formiNICAc > apmib_get > strcpy\n", "main > websAspInit > formsDefine > setWAN > 
apmib_get > strcpy\n", "main > websAspInit > formsDefine > getiNICInfo > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formL2TPSetup > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formUSBFolder > apmib_get > strcpy\n", "main > websAspInit > formsDefine > formVirtualSv > strcpy\n" ] } ], "source": [ "from binexport import FunctionBinExport\n", "\n", "\n", "def dfs(f: FunctionBinExport, path: list[FunctionBinExport]):\n", "    # path holds the call chain from strcpy up to the current caller\n", "    if f.name == \"main\":\n", "        print(\" > \".join(map(lambda x: x.name, path[::-1])))\n", "        return\n", "\n", "    for caller in f.parents:\n", "        if caller in path:  # skip recursive cycles in the call graph\n", "            continue\n", "        path.append(caller)\n", "        dfs(caller, path)\n", "        path.pop(-1)\n", "\n", "for target in targets:\n", "    dfs(target, [strcpy, target])" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "This gives us an idea of which functions to look at when searching for a vulnerability." ] }, { "cell_type": "raw", "metadata": {}, "source": [ "" ] } ], "metadata": { "kernelspec": { "display_name": ".venv", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.11.8" } }, "nbformat": 4, "nbformat_minor": 2 }
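Added example (not part of the original notebook or of python-binexport): the path listing in section III runs to hundreds of lines, so this sketch condenses it into, for each direct `strcpy` caller, the branches under `main` that reach it and one shortest call chain, without enumerating every path. It reads only `.name` and `.parents`, the two attributes the notebook uses; `Fn`, `build` and `EDGES` are constructed stand-ins so it runs without the firmware sample.

```python
from collections import deque


class Fn:
    """Constructed stand-in exposing only .name and .parents."""
    def __init__(self, name):
        self.name = name
        self.parents = set()


# Caller -> callee edges copied from paths printed in the notebook output,
# except the last one, which is constructed to exercise cycle handling.
EDGES = [
    ("main", "websAspInit"), ("main", "loop"), ("main", "resetWebs"),
    ("websAspInit", "formsDefine"), ("websAspInit", "getVar"),
    ("websAspInit", "apmib_init"), ("resetWebs", "apmib_reinit"),
    ("formsDefine", "formQoS"), ("formsDefine", "getIndex"),
    ("getVar", "getIndex"), ("getIndex", "apmib_reinit"),
    ("apmib_reinit", "apmib_init"), ("apmib_init", "apmib_get"),
    ("formQoS", "getInAddr"), ("formQoS", "apmib_get"),
    ("loop", "process_requests"), ("process_requests", "read_header"),
    ("read_header", "process_header_end"),
    ("process_header_end", "init_get"), ("init_get", "get_dir"),
    ("process_header_end", "auth_authorize"),
    ("auth_authorize", "apmib_get"),
    ("formQoS", "strcpy"), ("getInAddr", "strcpy"), ("getIndex", "strcpy"),
    ("apmib_get", "strcpy"), ("get_dir", "strcpy"),
    ("get_dir", "get_dir"),  # constructed self-recursion, not from the page
]


def build(edges):
    """Turn (caller, callee) pairs into Fn objects linked through .parents."""
    fns = {}
    for caller, callee in edges:
        for name in (caller, callee):
            fns.setdefault(name, Fn(name))
        fns[callee].parents.add(fns[caller])
    return fns


def ancestors(fn):
    """All transitive callers of fn, fn included; the seen set stops cycles."""
    seen, stack = {fn}, [fn]
    while stack:
        for caller in stack.pop().parents:
            if caller not in seen:
                seen.add(caller)
                stack.append(caller)
    return seen


def entry_branches(sink, root="main"):
    """For each direct caller of sink: the callees of root that can reach it."""
    return {
        caller.name: sorted(a.name for a in ancestors(caller)
                            if any(p.name == root for p in a.parents))
        for caller in sink.parents
    }


def shortest_chain(fn, root="main"):
    """BFS over .parents; returns [root, ..., fn.name], or None if unreachable."""
    prev, queue = {fn: None}, deque([fn])
    while queue:
        cur = queue.popleft()
        if cur.name == root:
            chain = []
            while cur is not None:
                chain.append(cur.name)
                cur = prev[cur]
            return chain
        for caller in sorted(cur.parents, key=lambda c: c.name):
            if caller not in prev:
                prev[caller] = cur
                queue.append(caller)
    return None


if __name__ == "__main__":
    fns = build(EDGES)
    for name, branches in sorted(entry_branches(fns["strcpy"]).items()):
        chain = shortest_chain(fns[name]) or ["<unreachable>"]
        print(f"{name}: via {branches}; shortest: {' > '.join(chain)} > strcpy")
```
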