Question

This is phase_5 of defusing a binary bomb. (Disass in x86 on a Linux system.) I...

This is phase_5 of defusing a binary bomb. (Disass in x86 on a Linux system.) I am having trouble "debugging" this and figuring out what I need to enter to defuse this phase, but I am relatively sure I will need 6 inputs. Thanks in advance.

Dump of assembler code for function phase_5:

// phase_5(input): passes only if the input string is exactly 6 bytes long and the six
// 32-bit table entries selected by the low 4 bits of each byte sum to 0x3c (60).
// The table starts at 0x402780; its contents are not part of this dump.
// Only the low nibble of each byte is used, so bytes that share a low nibble are equivalent here.

0x00000000004011bf <+0>: push %rbx // save rbx; restored by the pop at <+63>

0x00000000004011c0 <+1>: mov %rdi,%rbx // rbx = input string pointer, kept across the call

0x00000000004011c3 <+4>: callq 0x401414 <string_length> // eax = string_length(input)

0x00000000004011c8 <+9>: cmp $0x6,%eax // length must be exactly 6

0x00000000004011cb <+12>: je 0x4011d2 <phase_5+19> // length == 6: skip the explode call

0x00000000004011cd <+14>: callq 0x401706 <explode_bomb> // wrong length

0x00000000004011d2 <+19>: mov %rbx,%rax // rax = p = input (cursor over the six bytes)

0x00000000004011d5 <+22>: lea 0x6(%rbx),%rdi // rdi = end = input + 6

0x00000000004011d9 <+26>: mov $0x0,%ecx // ecx = sum = 0

0x00000000004011de <+31>: movzbl (%rax),%edx // loop: edx = *p, zero-extended byte

0x00000000004011e1 <+34>: and $0xf,%edx // keep the low 4 bits: index in 0..15

0x00000000004011e4 <+37>: add 0x402780(,%rdx,4),%ecx // sum += 32-bit entry at 0x402780 + 4*index

0x00000000004011eb <+44>: add $0x1,%rax // p++

0x00000000004011ef <+48>: cmp %rdi,%rax // reached input + 6?

0x00000000004011f2 <+51>: jne 0x4011de <phase_5+31> // no: process the next byte

0x00000000004011f4 <+53>: cmp $0x3c,%ecx // sum must equal 0x3c (60)

0x00000000004011f7 <+56>: je 0x4011fe <phase_5+63> // match: skip the explode call

0x00000000004011f9 <+58>: callq 0x401706 <explode_bomb> // wrong sum

0x00000000004011fe <+63>: pop %rbx // restore rbx

0x00000000004011ff <+64>: retq

End of assembler dump.

Dump of assembler code for function string_length:

// string_length(s): returns in eax the number of bytes before the first 0 byte of the string at rdi.
// The scan has no upper bound: it keeps reading until it finds a 0 byte, and the count is 32-bit.

0x0000000000401414 <+0>: cmpb $0x0,(%rdi) // is the first byte already the terminator?

0x0000000000401417 <+3>: je 0x40142c <string_length+24> // yes: empty string, return 0

0x0000000000401419 <+5>: mov $0x0,%eax // eax = count = 0

0x000000000040141e <+10>: add $0x1,%rdi // loop: advance to the next byte

0x0000000000401422 <+14>: add $0x1,%eax // count++

0x0000000000401425 <+17>: cmpb $0x0,(%rdi) // terminator reached?

0x0000000000401428 <+20>: jne 0x40141e <string_length+10> // no: keep counting

0x000000000040142a <+22>: repz retq // return with eax = count (prefixed form of ret)

0x000000000040142c <+24>: mov $0x0,%eax // empty-string path: eax = 0

0x0000000000401431 <+29>: retq

Answer #1

Dump of assembler code for function phase_6:

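// phase_6 (32-bit code, arguments on the stack): reads six integers, requires each to be
// in 1..6 and all six to be distinct, selects one list node per number, relinks the
// selected nodes in input order, and requires the relinked values to be non-increasing.
// Nodes are read as: value at offset 0, pointer to the next node at offset 8.
// Text restored from a garbled transcription: "upload" -> add, "name" -> call,
// "$half" / "$1/2" / "$0.5" -> $0x5, scale "four" -> 4, and the pager prompts.

0x08048e24 <phase_6+0>:   push %ebp // frame setup

0x08048e25 <phase_6+1>:   mov %esp,%ebp

0x08048e27 <phase_6+3>:   push %edi // edi, esi, ebx are saved here and restored at +220..+222

0x08048e28 <phase_6+4>:   push %esi

0x08048e29 <phase_6+5>:   push %ebx

0x08048e2a <phase_6+6>:   sub $0x3c,%esp // reserve 0x3c bytes; undone by the add at +217

0x08048e2d <phase_6+9>:   lea -0x24(%ebp),%eax // eax = &nums[0], six ints at -0x24(%ebp)

0x08048e30 <phase_6+12>:   mov %eax,0x4(%esp) // 2nd argument: destination array

0x08048e34 <phase_6+16>:   mov 0x8(%ebp),%eax // eax = phase_6's first argument (the string to parse)

0x08048e37 <phase_6+19>:   mov %eax,(%esp) // 1st argument

0x08048e3a <phase_6+22>:   call 0x8049bdc <read_six_numbers>

0x08048e3f <phase_6+27>:   mov $0x0,%ebx // i = 0

0x08048e44 <phase_6+32>:   mov -0x24(%ebp,%ebx,4),%eax // outer loop: eax = nums[i]

0x08048e48 <phase_6+36>:   sub $0x1,%eax // eax = nums[i] - 1

0x08048e4b <phase_6+39>:   cmp $0x5,%eax // unsigned test of nums[i] - 1 against 5

0x08048e4e <phase_6+42>:   jbe 0x8048e55 <phase_6+49> // passes only for nums[i] in 1..6 (0 and negatives wrap)

0x08048e50 <phase_6+44>:   call 0x8049ac9 <explode_bomb> // value out of range

0x08048e55 <phase_6+49>:   lea 0x1(%ebx),%edi // edi = i + 1

0x08048e58 <phase_6+52>:   cmp $0x6,%edi

0x08048e5b <phase_6+55>:   jne 0x8048e75 <phase_6+81> // numbers remain: compare nums[i] with the later ones

0x08048e5d <phase_6+57>:   mov $0x804c51c,%edx // edx = fixed address 0x804c51c, presumably the first list node

0x08048e62 <phase_6+62>:   mov $0x1,%eax // eax = 1-based position of the node in edx

---Type <return> to continue, or q <return> to quit---

0x08048e67 <phase_6+67>:   mov $0x0,%ecx // k = 0

0x08048e6c <phase_6+72>:   mov %edx,%esi // esi keeps the starting address for the reset at +139

0x08048e6e <phase_6+74>:   mov $0x1,%ebx // ebx keeps the starting position for the reset at +141

0x08048e73 <phase_6+79>:   jmp 0x8048e9d <phase_6+121>

0x08048e75 <phase_6+81>:   lea -0x24(%ebp,%edi,4),%esi // esi = &nums[i+1]

0x08048e79 <phase_6+85>:   mov %edi,%ebx // j = i + 1

0x08048e7b <phase_6+87>:   mov -0x28(%ebp,%edi,4),%eax // inner loop: eax = nums[i] (-0x28 + 4*(i+1) == -0x24 + 4*i)

0x08048e7f <phase_6+91>:   cmp (%esi),%eax // compare with nums[j]

0x08048e81 <phase_6+93>:   jne 0x8048e88 <phase_6+100> // different: continue

0x08048e83 <phase_6+95>:   call 0x8049ac9 <explode_bomb> // duplicate value

0x08048e88 <phase_6+100>:   add $0x1,%ebx // j++

0x08048e8b <phase_6+103>:   add $0x4,%esi // esi = &nums[j]

0x08048e8e <phase_6+106>:   cmp $0x5,%ebx

0x08048e91 <phase_6+109>:   jle 0x8048e7b <phase_6+87> // repeat while j <= 5

0x08048e93 <phase_6+111>:   mov %edi,%ebx // i = i + 1

0x08048e95 <phase_6+113>:   jmp 0x8048e44 <phase_6+32> // validate the next number

0x08048e97 <phase_6+115>:   mov 0x8(%edx),%edx // edx = pointer stored at offset 8 of the node (next node)

0x08048e9a <phase_6+118>:   add $0x1,%eax // position++

0x08048e9d <phase_6+121>:   cmp -0x24(%ebp,%ecx,4),%eax // compare position with nums[k]

0x08048ea1 <phase_6+125>:   jl 0x8048e97 <phase_6+115> // position < nums[k]: step to the next node

0x08048ea3 <phase_6+127>:   mov %edx,-0x3c(%ebp,%ecx,4) // ptrs[k] = selected node; ptrs[] is at -0x3c(%ebp)

0x08048ea7 <phase_6+131>:   add $0x1,%ecx // k++

0x08048eaa <phase_6+134>:   cmp $0x5,%ecx

---Type <return> to continue, or q <return> to quit---

0x08048ead <phase_6+137>:   jg 0x8048eb5 <phase_6+145> // k > 5: all six nodes selected

0x08048eaf <phase_6+139>:   mov %esi,%edx // restart the walk from the starting address

0x08048eb1 <phase_6+141>:   mov %ebx,%eax // position = 1

0x08048eb3 <phase_6+143>:   jmp 0x8048e9d <phase_6+121>

0x08048eb5 <phase_6+145>:   mov -0x3c(%ebp),%ecx // ecx = ptrs[0]

0x08048eb8 <phase_6+148>:   mov -0x38(%ebp),%eax // eax = ptrs[1]

0x08048ebb <phase_6+151>:   mov %eax,0x8(%ecx) // ptrs[0]->next = ptrs[1]

0x08048ebe <phase_6+154>:   mov -0x34(%ebp),%edx // edx = ptrs[2]

0x08048ec1 <phase_6+157>:   mov %edx,0x8(%eax) // ptrs[1]->next = ptrs[2]

0x08048ec4 <phase_6+160>:   mov -0x30(%ebp),%eax // eax = ptrs[3]

0x08048ec7 <phase_6+163>:   mov %eax,0x8(%edx) // ptrs[2]->next = ptrs[3]

0x08048eca <phase_6+166>:   mov -0x2c(%ebp),%edx // edx = ptrs[4]

0x08048ecd <phase_6+169>:   mov %edx,0x8(%eax) // ptrs[3]->next = ptrs[4]

0x08048ed0 <phase_6+172>:   mov -0x28(%ebp),%eax // eax = ptrs[5]

0x08048ed3 <phase_6+175>:   mov %eax,0x8(%edx) // ptrs[4]->next = ptrs[5]

0x08048ed6 <phase_6+178>:   movl $0x0,0x8(%eax) // ptrs[5]->next = 0 (end of list)

0x08048edd <phase_6+185>:   mov %ecx,%ebx // cur = ptrs[0]

0x08048edf <phase_6+187>:   mov $0x0,%esi // n = 0

0x08048ee4 <phase_6+192>:   mov 0x8(%ebx),%edx // order check loop: edx = cur->next

0x08048ee7 <phase_6+195>:   mov (%ebx),%eax // eax = value at offset 0 of cur

0x08048ee9 <phase_6+197>:   cmp (%edx),%eax // compare with the value of the next node

0x08048eeb <phase_6+199>:   jge 0x8048ef2 <phase_6+206> // signed cur value >= next value: ok

0x08048eed <phase_6+201>:   call 0x8049ac9 <explode_bomb> // relinked list is not non-increasing

---Type <return> to continue, or q <return> to quit---

0x08048ef2 <phase_6+206>:   mov 0x8(%ebx),%ebx // cur = cur->next

0x08048ef5 <phase_6+209>:   add $0x1,%esi // n++

0x08048ef8 <phase_6+212>:   cmp $0x5,%esi

0x08048efb <phase_6+215>:   jne 0x8048ee4 <phase_6+192> // five adjacent pairs are checked

0x08048efd <phase_6+217>:   add $0x3c,%esp // release the 0x3c bytes reserved at +6

0x08048f00 <phase_6+220>:   pop %ebx

0x08048f01 <phase_6+221>:   pop %esi

0x08048f02 <phase_6+222>:   pop %edi

0x08048f03 <phase_6+223>:   pop %ebp

0x08048f04 <phase_6+224>:   ret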

End of assembler dump.

Dump of assembler code for function read_six_numbers:

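// read_six_numbers(str, dest) (32-bit code, arguments on the stack): calls sscanf on str with
// the format string at 0x804a3f1 and pointers to dest[0]..dest[5] (4-byte slots), and calls
// explode_bomb unless sscanf reports more than 5 converted items.
// The format string itself is not part of this dump.
// Text restored from a garbled transcription: "name" -> call, "$1/2" -> $0x5, and the pager prompt.

0x08049bdc <read_six_numbers+0>:   push %ebp // frame setup

0x08049bdd <read_six_numbers+1>:   mov %esp,%ebp

0x08049bdf <read_six_numbers+3>:   sub $0x28,%esp // room for the eight outgoing sscanf arguments

0x08049be2 <read_six_numbers+6>:   mov 0xc(%ebp),%edx // edx = 2nd argument: dest

0x08049be5 <read_six_numbers+9>:   lea 0x14(%edx),%eax // eax = &dest[5]

0x08049be8 <read_six_numbers+12>:   mov %eax,0x1c(%esp) // last sscanf argument

0x08049bec <read_six_numbers+16>:   lea 0x10(%edx),%eax // eax = &dest[4]

0x08049bef <read_six_numbers+19>:   mov %eax,0x18(%esp)

0x08049bf3 <read_six_numbers+23>:   lea 0xc(%edx),%eax // eax = &dest[3]

0x08049bf6 <read_six_numbers+26>:   mov %eax,0x14(%esp)

0x08049bfa <read_six_numbers+30>:   lea 0x8(%edx),%eax // eax = &dest[2]

0x08049bfd <read_six_numbers+33>:   mov %eax,0x10(%esp)

0x08049c01 <read_six_numbers+37>:   lea 0x4(%edx),%eax // eax = &dest[1]

0x08049c04 <read_six_numbers+40>:   mov %eax,0xc(%esp)

0x08049c08 <read_six_numbers+44>:   mov %edx,0x8(%esp) // &dest[0]

0x08049c0c <read_six_numbers+48>:   movl $0x804a3f1,0x4(%esp) // 2nd sscanf argument: format string address

0x08049c14 <read_six_numbers+56>:   mov 0x8(%ebp),%eax // eax = 1st argument: str

0x08049c17 <read_six_numbers+59>:   mov %eax,(%esp) // 1st sscanf argument: string to parse

0x08049c1a <read_six_numbers+62>:   call 0x8048aa4 <sscanf@plt>

0x08049c1f <read_six_numbers+67>:   cmp $0x5,%eax // eax = number of items sscanf converted

0x08049c22 <read_six_numbers+70>:   jg 0x8049c29 <read_six_numbers+77> // more than 5 converted: ok

0x08049c24 <read_six_numbers+72>:   call 0x8049ac9 <explode_bomb> // fewer than six numbers parsed

---Type <return> to continue, or q <return> to quit---

0x08049c29 <read_six_numbers+77>:   leave // tear down the frame

0x08049c2a <read_six_numbers+78>:   lea 0x0(%esi),%esi // no effect: esi = esi + 0

0x08049c30 <read_six_numbers+84>:   ret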

End of assembler dump.
