This is phase_5 of defusing a binary bomb. (Disass in x86 on a Linux system.) I am having trouble "debugging" this and figuring out what I need to enter to defuse this phase, but I am relatively sure I will need 6 inputs. Thanks in advance.
Dump of assembler code for function phase_5:
// void phase_5(const char *input)   -- x86-64 SysV: rdi = input string
// Accepts iff string_length(input) == 6 and, summing over the six bytes,
//   sum += table[byte & 0xf]   (table = 32-bit entries at 0x402780)
// ends with sum == 0x3c (60). The table contents are not part of this
// dump; read them in gdb with: x/16dw 0x402780
// Because only the low nibble of each byte is used, many different
// characters map to the same table entry, so the accepted input is not unique.
0x00000000004011bf <+0>: push %rbx                        // save callee-saved rbx (also re-aligns rsp for the call)
0x00000000004011c0 <+1>: mov %rdi,%rbx                    // rbx = input; must survive the call below
0x00000000004011c3 <+4>: callq 0x401414 <string_length>   // eax = number of bytes before the NUL
0x00000000004011c8 <+9>: cmp $0x6,%eax                     // length must be exactly 6, else explode
0x00000000004011cb <+12>: je 0x4011d2 <phase_5+19>
0x00000000004011cd <+14>: callq 0x401706 <explode_bomb>   // presumably does not return
0x00000000004011d2 <+19>: mov %rbx,%rax                    // rax = p = input
0x00000000004011d5 <+22>: lea 0x6(%rbx),%rdi               // rdi = input + 6 (one past the last byte)
0x00000000004011d9 <+26>: mov $0x0,%ecx                    // ecx = sum = 0
0x00000000004011de <+31>: movzbl (%rax),%edx               // edx = (unsigned char)*p
0x00000000004011e1 <+34>: and $0xf,%edx                    // keep the low nibble -> index 0..15
0x00000000004011e4 <+37>: add 0x402780(,%rdx,4),%ecx      // sum += table[index]
0x00000000004011eb <+44>: add $0x1,%rax                    // p++
0x00000000004011ef <+48>: cmp %rdi,%rax                    // loop while p != input + 6
0x00000000004011f2 <+51>: jne 0x4011de <phase_5+31>
0x00000000004011f4 <+53>: cmp $0x3c,%ecx                   // sum must equal 0x3c (60), else explode
0x00000000004011f7 <+56>: je 0x4011fe <phase_5+63>
0x00000000004011f9 <+58>: callq 0x401706 <explode_bomb>
0x00000000004011fe <+63>: pop %rbx                         // restore rbx
0x00000000004011ff <+64>: retq
End of assembler dump.
Dump of assembler code for function string_length:
// int string_length(const char *s)   -- x86-64 SysV: rdi = s
// Returns in eax the number of bytes before the first NUL (0 for "").
0x0000000000401414 <+0>: cmpb $0x0,(%rdi)                  // empty string?
0x0000000000401417 <+3>: je 0x40142c <string_length+24>    // -> return 0
0x0000000000401419 <+5>: mov $0x0,%eax                      // len = 0
0x000000000040141e <+10>: add $0x1,%rdi                     // s++
0x0000000000401422 <+14>: add $0x1,%eax                     // len++
0x0000000000401425 <+17>: cmpb $0x0,(%rdi)                  // stop at the NUL terminator
0x0000000000401428 <+20>: jne 0x40141e <string_length+10>
0x000000000040142a <+22>: repz retq                         // behaves as a plain ret; the rep prefix is a compiler padding idiom
0x000000000040142c <+24>: mov $0x0,%eax                      // return 0 for ""
0x0000000000401431 <+29>: retq
End of assembler dump.
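Dump of assembler code for function phase_6:
// void phase_6(const char *input)   -- 32-bit x86 cdecl: input at 0x8(%ebp)
// NOTE(review): this dump is 32-bit (ebp/esp, 0x0804xxxx addresses) while
// phase_5/string_length above are x86-64, so it appears to come from a
// different bomb binary.
// Several tokens in the pasted dump were word-substituted by whatever
// processed the text ("upload" for add, "name" for call, "half"/"1/2"/"0.5"
// for $0x5, "four" for the scale 4, and the gdb pager prompts). They are
// restored here from the instruction sizes and the surrounding logic; the
// pager prompt lines were dropped.
// Locals: nums[6] (ints) at -0x24(%ebp); ptr[6] (node pointers) at -0x3c(%ebp).
// Node layout as used below: value at offset 0, next pointer at offset 8.
// Checks: (1) 1 <= nums[i] <= 6, (2) all six distinct, (3) the node list
// starting at 0x804c51c re-linked in the order nums[0..5] (1-based positions)
// must have non-increasing values. The node values are not in this dump;
// inspect them in gdb starting at 0x804c51c and follow the next pointers.
0x08048e24 <phase_6+0>: push %ebp
0x08048e25 <phase_6+1>: mov %esp,%ebp
0x08048e27 <phase_6+3>: push %edi                            // save callee-saved edi/esi/ebx
0x08048e28 <phase_6+4>: push %esi
0x08048e29 <phase_6+5>: push %ebx
0x08048e2a <phase_6+6>: sub $0x3c,%esp                       // locals + outgoing argument slots
0x08048e2d <phase_6+9>: lea -0x24(%ebp),%eax                 // eax = &nums[0]
0x08048e30 <phase_6+12>: mov %eax,0x4(%esp)                  // arg 2 = nums
0x08048e34 <phase_6+16>: mov 0x8(%ebp),%eax                  // eax = input
0x08048e37 <phase_6+19>: mov %eax,(%esp)                     // arg 1 = input
0x08048e3a <phase_6+22>: call 0x8049bdc <read_six_numbers>  // parse six ints into nums[]
0x08048e3f <phase_6+27>: mov $0x0,%ebx                       // i = 0
0x08048e44 <phase_6+32>: mov -0x24(%ebp,%ebx,4),%eax         // eax = nums[i]
0x08048e48 <phase_6+36>: sub $0x1,%eax
0x08048e4b <phase_6+39>: cmp $0x5,%eax                       // unsigned (nums[i]-1) <= 5  <=>  1 <= nums[i] <= 6
0x08048e4e <phase_6+42>: jbe 0x8048e55 <phase_6+49>          // values <= 0 wrap around and fail as well
0x08048e50 <phase_6+44>: call 0x8049ac9 <explode_bomb>
0x08048e55 <phase_6+49>: lea 0x1(%ebx),%edi                  // edi = i + 1
0x08048e58 <phase_6+52>: cmp $0x6,%edi
0x08048e5b <phase_6+55>: jne 0x8048e75 <phase_6+81>          // more to check -> distinctness loop
0x08048e5d <phase_6+57>: mov $0x804c51c,%edx                 // edx = head of the node list
0x08048e62 <phase_6+62>: mov $0x1,%eax                       // eax = 1-based position of edx in the list
0x08048e67 <phase_6+67>: mov $0x0,%ecx                       // k = 0
0x08048e6c <phase_6+72>: mov %edx,%esi                       // esi keeps the head for restarting the walk
0x08048e6e <phase_6+74>: mov $0x1,%ebx                       // ebx keeps the constant 1
0x08048e73 <phase_6+79>: jmp 0x8048e9d <phase_6+121>
0x08048e75 <phase_6+81>: lea -0x24(%ebp,%edi,4),%esi         // esi = &nums[j], j = i + 1
0x08048e79 <phase_6+85>: mov %edi,%ebx                       // ebx = j
0x08048e7b <phase_6+87>: mov -0x28(%ebp,%edi,4),%eax         // eax = nums[i]  (edi stays i+1; -0x28+4*(i+1) = &nums[i])
0x08048e7f <phase_6+91>: cmp (%esi),%eax                     // nums[i] == nums[j] ?
0x08048e81 <phase_6+93>: jne 0x8048e88 <phase_6+100>
0x08048e83 <phase_6+95>: call 0x8049ac9 <explode_bomb>      // duplicate value -> explode
0x08048e88 <phase_6+100>: add $0x1,%ebx                      // j++
0x08048e8b <phase_6+103>: add $0x4,%esi
0x08048e8e <phase_6+106>: cmp $0x5,%ebx
0x08048e91 <phase_6+109>: jle 0x8048e7b <phase_6+87>         // while j <= 5
0x08048e93 <phase_6+111>: mov %edi,%ebx                      // i = i + 1
0x08048e95 <phase_6+113>: jmp 0x8048e44 <phase_6+32>
0x08048e97 <phase_6+115>: mov 0x8(%edx),%edx                 // node = node->next
0x08048e9a <phase_6+118>: add $0x1,%eax                      // position++
0x08048e9d <phase_6+121>: cmp -0x24(%ebp,%ecx,4),%eax        // position < nums[k] ?
0x08048ea1 <phase_6+125>: jl 0x8048e97 <phase_6+115>         // keep walking
0x08048ea3 <phase_6+127>: mov %edx,-0x3c(%ebp,%ecx,4)        // ptr[k] = the nums[k]-th node
0x08048ea7 <phase_6+131>: add $0x1,%ecx                      // k++
0x08048eaa <phase_6+134>: cmp $0x5,%ecx
0x08048ead <phase_6+137>: jg 0x8048eb5 <phase_6+145>         // all six selected
0x08048eaf <phase_6+139>: mov %esi,%edx                      // restart at the head
0x08048eb1 <phase_6+141>: mov %ebx,%eax                      // position = 1
0x08048eb3 <phase_6+143>: jmp 0x8048e9d <phase_6+121>
0x08048eb5 <phase_6+145>: mov -0x3c(%ebp),%ecx               // ecx = ptr[0]
0x08048eb8 <phase_6+148>: mov -0x38(%ebp),%eax               // eax = ptr[1]
0x08048ebb <phase_6+151>: mov %eax,0x8(%ecx)                 // ptr[0]->next = ptr[1]
0x08048ebe <phase_6+154>: mov -0x34(%ebp),%edx
0x08048ec1 <phase_6+157>: mov %edx,0x8(%eax)                 // ptr[1]->next = ptr[2]
0x08048ec4 <phase_6+160>: mov -0x30(%ebp),%eax
0x08048ec7 <phase_6+163>: mov %eax,0x8(%edx)                 // ptr[2]->next = ptr[3]
0x08048eca <phase_6+166>: mov -0x2c(%ebp),%edx
0x08048ecd <phase_6+169>: mov %edx,0x8(%eax)                 // ptr[3]->next = ptr[4]
0x08048ed0 <phase_6+172>: mov -0x28(%ebp),%eax
0x08048ed3 <phase_6+175>: mov %eax,0x8(%edx)                 // ptr[4]->next = ptr[5]
0x08048ed6 <phase_6+178>: movl $0x0,0x8(%eax)                // ptr[5]->next = NULL
0x08048edd <phase_6+185>: mov %ecx,%ebx                      // node = ptr[0]
0x08048edf <phase_6+187>: mov $0x0,%esi                      // count = 0
0x08048ee4 <phase_6+192>: mov 0x8(%ebx),%edx                 // edx = node->next
0x08048ee7 <phase_6+195>: mov (%ebx),%eax                    // eax = node->value
0x08048ee9 <phase_6+197>: cmp (%edx),%eax                    // node->value >= next->value ? (signed)
0x08048eeb <phase_6+199>: jge 0x8048ef2 <phase_6+206>
0x08048eed <phase_6+201>: call 0x8049ac9 <explode_bomb>     // an increasing pair -> explode
0x08048ef2 <phase_6+206>: mov 0x8(%ebx),%ebx                 // node = node->next
0x08048ef5 <phase_6+209>: add $0x1,%esi
0x08048ef8 <phase_6+212>: cmp $0x5,%esi
0x08048efb <phase_6+215>: jne 0x8048ee4 <phase_6+192>        // five adjacent comparisons
0x08048efd <phase_6+217>: add $0x3c,%esp                     // undo the sub $0x3c above
0x08048f00 <phase_6+220>: pop %ebx
0x08048f01 <phase_6+221>: pop %esi
0x08048f02 <phase_6+222>: pop %edi
0x08048f03 <phase_6+223>: pop %ebp
0x08048f04 <phase_6+224>: ret
End of assembler dump.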
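Dump of assembler code for function read_six_numbers:
// void read_six_numbers(const char *input, int *nums)   -- 32-bit cdecl
// Calls sscanf(input, fmt, &nums[0], ..., &nums[5]) and explodes unless
// more than five conversions succeeded (i.e. all six). The format string
// at 0x804a3f1 is not in this dump (gdb: x/s 0x804a3f1); presumably six
// %d conversions -- confirm before relying on it.
// Garbled tokens in the paste ("name" for call, "$1/2" for $0x5, the gdb
// pager prompt) are restored here.
0x08049bdc <read_six_numbers+0>: push %ebp
0x08049bdd <read_six_numbers+1>: mov %esp,%ebp
0x08049bdf <read_six_numbers+3>: sub $0x28,%esp                  // room for the 8 outgoing argument slots
0x08049be2 <read_six_numbers+6>: mov 0xc(%ebp),%edx              // edx = nums
0x08049be5 <read_six_numbers+9>: lea 0x14(%edx),%eax             // &nums[5]
0x08049be8 <read_six_numbers+12>: mov %eax,0x1c(%esp)            // arg 8
0x08049bec <read_six_numbers+16>: lea 0x10(%edx),%eax            // &nums[4]
0x08049bef <read_six_numbers+19>: mov %eax,0x18(%esp)            // arg 7
0x08049bf3 <read_six_numbers+23>: lea 0xc(%edx),%eax             // &nums[3]
0x08049bf6 <read_six_numbers+26>: mov %eax,0x14(%esp)            // arg 6
0x08049bfa <read_six_numbers+30>: lea 0x8(%edx),%eax             // &nums[2]
0x08049bfd <read_six_numbers+33>: mov %eax,0x10(%esp)            // arg 5
0x08049c01 <read_six_numbers+37>: lea 0x4(%edx),%eax             // &nums[1]
0x08049c04 <read_six_numbers+40>: mov %eax,0xc(%esp)             // arg 4
0x08049c08 <read_six_numbers+44>: mov %edx,0x8(%esp)             // arg 3 = &nums[0]
0x08049c0c <read_six_numbers+48>: movl $0x804a3f1,0x4(%esp)      // arg 2 = format string
0x08049c14 <read_six_numbers+56>: mov 0x8(%ebp),%eax
0x08049c17 <read_six_numbers+59>: mov %eax,(%esp)                // arg 1 = input
0x08049c1a <read_six_numbers+62>: call 0x8048aa4 <sscanf@plt>
0x08049c1f <read_six_numbers+67>: cmp $0x5,%eax                  // eax = number of conversions (EOF/-1 on early failure)
0x08049c22 <read_six_numbers+70>: jg 0x8049c29 <read_six_numbers+77>   // need > 5
0x08049c24 <read_six_numbers+72>: call 0x8049ac9 <explode_bomb>
0x08049c29 <read_six_numbers+77>: leave
0x08049c2a <read_six_numbers+78>: lea 0x0(%esi),%esi             // 6-byte no-op (alignment padding); esi unchanged
0x08049c30 <read_six_numbers+84>: ret
End of assembler dump.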