MAC-577IF2-E RealTek rtl8195a -Reverse things

We will therefore focus on the httpd part, its endpoints, and how passwords are created and used.

Common functions are declared in:
amb1_sdk/component/common/network/httpd/httpd.h

Example (with documentation & _real_address):

/**
 * @brief     This function is used to setup authorization for server.
 * @param[in] user: string of user name for authorization
 * @param[in] password: string of password for authorization
 * @return    0 : if successful
 * @return    -1 : if error occurred
 * @note      Must be used before httpd_start() if basic authorization is used
 * @note      The _30029150 suffix is not part of the SDK name; it appears to be
 *            the address the author of these notes found the function at in
 *            the firmware image ("_real_address").
 * @note      Review: HTTP Basic authorization only base64-encodes the
 *            user:password pair. Unless the server is started with
 *            HTTPD_SECURE_TLS or HTTPD_SECURE_TLS_VERIFY, the credentials
 *            configured here are readable by anyone who can observe the
 *            traffic.
 */
int httpd_setup_user_password_30029150(char *user, char *password);

So where is httpd_start ?

/**
 * @brief     This function is used to start an HTTP or HTTPS server.
 * @param[in] port: service port
 * @param[in] max_conn: max client connections allowed
 * @param[in] stack_bytes: thread stack size in bytes
 * @param[in] thread_mode: server running thread mode. Must be HTTPD_THREAD_SINGLE, HTTPD_THREAD_MULTIPLE.
 * @param[in] secure: security mode for HTTP or HTTPS. Must be HTTPD_SECURE_NONE, HTTPD_SECURE_TLS, HTTPD_SECURE_TLS_VERIFY.
 * @return    0 : if successful
 * @return    -1 : if error occurred
 * @note      The _300290c4 suffix appears to be the function's address in the
 *            firmware image, added by the author of these notes.
 * @note      Review: the value passed for `secure` decides whether the
 *            credentials set with httpd_setup_user_password() are protected in
 *            transit. These notes do not show which mode the firmware passes;
 *            confirm it at the call site in
 *            httpd_set_login_password_endpoint_30054de4.
 */
int httpd_start_300290c4(uint16_t port, uint8_t max_conn, uint32_t stack_bytes, uint8_t thread_mode, uint8_t secure);

Who calls httpd_start?

httpd_set_login_password_endpoint_30054de4

What does httpd_set_login_password_endpoint do?

/*
 * Excerpt of httpd_set_login_password_endpoint_30054de4 (decompiler output).
 * The start of the function, the declarations of the locals, and the end of
 * the else-branch are not part of this excerpt.
 */

/* Read the stored user-name length (4 bytes) from flash. The return value of
 * the read is not checked in this excerpt. */
app_flash_data_read_3000433c(flash_b9_login_user_len,&login_user_len,4);
/* Clamp the flash-supplied length to 0x40 before it is used as a read size.
 * NOTE(review): the type of login_user_len is not visible here; if it is
 * signed, a negative stored value would not be caught by this comparison.
 * Confirm against the declaration. */
if (0x40 < login_user_len) {
login_user_len = 0x40;
}
/* Read login_user_len bytes of user name from flash.
 * NOTE(review): no terminator is written here; presumably login_user_str is
 * at least 0x41 bytes and zeroed beforehand. Verify. */
app_flash_data_read_3000433c(flash_ba_login_user_str,login_user_str,login_user_len);
/* Look up entries 3, 4 and 5 via get_login_data(); each call stores a 4-byte
 * value in the local and returns an int that is only tested for < 0 below. */
i_root = get_login_data_300197d8(3,&login_root);
i_suser = get_login_data_300197d8(4,&login_suser);
i_admin = get_login_data_300197d8(5,&login_admin);
/* Any failed lookup only logs an error (the argument is a decompiler string
 * label); none of the three strings is copied in that case. */
if ((i_root < 0 || i_suser < 0) || i_admin < 0) {
LOG_console_30003438(s_ERROR:_decsec_getdata_fi_PW_30054fc4);
}
else {
/* The values stored by get_login_data() are used as source pointers. A fixed
 * 0x41 bytes (presumably 0x40 characters plus a terminator) is copied from
 * each, independent of the non-negative value the lookup returned. */
memcpy_30003458(login_root_str,login_root,0x41);
memcpy_30003458(login_suser_str,login_suser,0x41);
memcpy_30003458(login_admin_str,login_admin,0x41);

The login user name, its length, and the user password are read from flash.
The login root/suser/admin entries and their passwords are read with get_login_data().

What does get_login_data do?

/*
 * Decompiler output: look up entry `index` in the production table and store
 * a 4-byte value for it in *value.
 *
 * index: entry number, accepted range 0..8.
 * value: output location; must not be NULL. The caller shown in these notes
 *        passes the address of a local and later uses the stored value as a
 *        memcpy source, so the value is treated as a pointer.
 *
 * Returns -1 when index is out of range or value is NULL, -2 when the first
 * word of the table is -0x80000000, -3 when that word is any other negative
 * number, and otherwise the dword found at DAT_300198f0 + index * 8.
 *
 * NOTE(review): *value is written before the table state is checked, so it is
 * modified even when -2 or -3 is returned.
 */
int get_login_data_300197d8(int index,void *value) {
int iVar1;
undefined *production_table;
/* Global pointer to the production table (label as given in the notes). */
production_table = x0(production)_xxxxxxxxxx_PTR_PTR_300198d0;
/* The unsigned comparison alone already rejects negative indexes. */
if (((index < 0) || (8 < (uint)index)) || (value == NULL)) {
return -1;
}
/* Base value: the word at offset 4 of the table. */
iVar1 = *(int *)(x0(production)_xxxxxxxxxx_PTR_PTR_300198d0 + 4);
*(int *)value = iVar1;
/* A non-negative first word selects the success path. */
if (-1 < *(int *)production_table) {
/* Base plus a per-index offset. DWORD_300198ec and DAT_300198f0 are both
 * walked in 8-byte steps; presumably one table of 8-byte records whose
 * first field is this offset and whose second is the value returned.
 * Confirm in the image. */
*(dword *)value = iVar1 + (&DWORD_300198ec)[index * 2];
return *(int *)(&DAT_300198f0 + index * 8);
}
if (*(int *)production_table == -0x80000000) {
return -2;
}
return -3;
}

What is production_table?

10(production)_d9c7c1c1e8
20(production)_fc03045a0
50(production)_d7b8c8ffaf 
60(production)_china1

Application-specific (apl) functions:

They all start with httpd_apl_xxx; i.e. all callbacks are named like httpd_apl_xxxx_cgi_execute_fv