Question
This is phase 2 of the bomb lab, and I have no idea how to solve it. I know the answer is an array of six numbers; what are those numbers?
6x00000000004015d7<+136> : pop %rbx 0x00000000004015d8 <+137>: retq of assembler dump. b) stepi 00401572 in phase2 ) db) disas mp of assenbler code for function phase2: %rbx $0x20,%rsp %fs:0x28,%rax %rax,0x18(%rsp) %eax , %eax %rsp,Krst 0x000000000040154f <+0>: 0x0000000000401550 <+1>: 0x0000000000401554 <+5>: push sub nov 6x000000000040155d <+14s: <+19> : 21»: ex0000000000401567 <+24>: oxogeoooo00040156c <+29>: <+35>: 6x0000000000401575 <+38>: 0x0000000000401577 <+40> : ox0000e0000040157C <+45>: 0x0000000000401581 50»: 0x0000000000401586<+55»: 0x0000000000401588 57»: 6x000000000040158b <+68>: 6x000000000040158e <+63»: ex0000000000401591 <+66>: <+68»: <+71>: 0x0000000000401598 <+73>: 6x0000000000401599<+74s: nov xor nov callq 0x401dde <read six_numbers> ROV0x204d8e(xrip) cnp je nov callq nov jnp novs1q nov lea cl 6x0000000000401562 0x0000000000401564 # 6x686300 <phase2-data %eax ,(%rs 0x401581 <phase2+5 $0x8,%eax 0x40217d <expl $6x1,%ebx 6x4015b9<phase2+ 186> %ebx,Krax (Krsp,%rax,4),%ecx ·6x1(%rbx),%eax > 6x0000000000401572 bonbo tq nov nov cltd ?div 6x0000000000401593 0x0000006000401596 (%rsp,%rax,4),%esi Kecx, xeax %est # 6x606304 phase2 data+4> 0x000000000040159b <+76>: cmp 0x204d63(Srip),xeax 0xoooeoo0000415a1 <+82>: jne ex4015ac <phase2+93> x00000000004015a5 <+86:cltd 6x00000000004015a6 6x00000000004015a8 exe0000000004015aa <+91 e 0x4015b6 <phase2+103> 87»: <+89>: idiv %est test %edx ,%edx sexe ,%eax sex1,%ebx 0x80000000004015ac <+93»: nov 1 <+98 callq 0x40217d <explode_bonb> 6x00000000004015b6 103»: add 0xe0000860004015b9 <+106: cmp ox00000000004015bc <+109 le 6x00000000004015be<+111»: ov 0x00000000004015c 3 6x000000000040 15cc Oxeeeeee00004015ce +127>: callq ex400ea <stack_chk fail@plt> 0xeeee6o60004015d3 <+132: add S0x20,xrsp $ex5,xebx x401588 <phase2+57 <+116> : 125»: xor je ex 18(%rsp),%rax %fs:0x28,%rax 0x4015d3 <phase2+132> 0x00000000004015d7 0xe0000600004015d8 <+137 retq <+136> : pop %rbx End of assembler dump (adb) x Seax
Answer #1

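The offsets in this listing, such as 0x4(%rsi), are x86-64 memory-operand syntax. gdb prints them here in AT&T form (source operand first, destination second), not Intel form.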

Dump of assembler code for function read_six_numbers:

; Builds the argument list for sscanf(input, fmt, p0, p1, p2, p3, p4, p5) and
; calls explode_bomb when sscanf returns 5 or less.
; %rdi is never written before the call, so this function's first argument is
; passed straight through as sscanf's input string. %rsi (second argument) is
; used as a base address; presumably it points to the caller's array of six
; 4-byte ints, given the 4-byte stride and the %d format.
; Note: lea only computes an address; none of the lea instructions below read memory.

0x0000000000401743 <+0>: sub $0x18,%rsp ; rsp = rsp - 24 (room for the two stack-passed arguments stored at rsp+0 and rsp+8 below)

0x0000000000401747 <+4>: mov %rsi,%rdx ; rdx = rsi (3rd sscanf argument: base + 0)

0x000000000040174a <+7>: lea 0x4(%rsi),%rcx ; rcx = rsi + 4 (4th sscanf argument; address only, no dereference)

0x000000000040174e <+11>: lea 0x14(%rsi),%rax ; rax = rsi + 20

0x0000000000401752 <+15>: mov %rax,0x8(%rsp) ; *(rsp + 8) = rax (8th sscanf argument, passed on the stack: base + 20)

0x0000000000401757 <+20>: lea 0x10(%rsi),%rax ; rax = rsi + 16

0x000000000040175b <+24>: mov %rax,(%rsp) ; *(rsp) = rax (7th sscanf argument, passed on the stack: base + 16); rsp itself is unchanged

0x000000000040175f <+28>: lea 0xc(%rsi),%r9 ; r9 = rsi + 12 (6th sscanf argument)

0x0000000000401763 <+32>: lea 0x8(%rsi),%r8 ; r8 = rsi + 8 (5th sscanf argument)

0x0000000000401767 <+36>: mov $0x401eb2,%esi ; esi = 0x401eb2, address of the format string (2nd sscanf argument); the answer's author gives it as "%d %d %d %d %d %d"

0x000000000040176c <+41>: mov $0x0,%eax ; eax = 0 (variadic call: %al carries the number of vector registers used, none here)

0x0000000000401771 <+46>: callq 0x400ab0 <__isoc99_sscanf@plt> ; eax = number of fields sscanf converted

0x0000000000401776 <+51>: cmp $0x5,%eax ; if (eax > 5) goto 0x401780 (signed compare, decided by the jg below)

0x0000000000401779 <+54>: jg 0x401780 <read_six_numbers+61> ; six or more fields converted: skip explode_bomb

0x000000000040177b <+56>: callq 0x40163d <explode_bomb> ; reached only when sscanf returned 5 or less

0x0000000000401780 <+61>: add $0x18,%rsp ; rsp = rsp + 24 (release the stack space reserved at <+0>)

0x0000000000401784 <+65>: retq ; return; eax still holds sscanf's result, nothing after the call writes it

End of assembler dump.

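/* Set to 1 to print how many fields sscanf converted. */
#define DEBUG_ON 0

/* Defined elsewhere in the bomb binary; called when a phase check fails. */
void explode_bomb(void);

/*
 * C sketch of the read_six_numbers disassembly above.
 *
 * numArr: caller-owned array with room for at least six ints. The
 *         disassembly hands sscanf the addresses rsi+0 .. rsi+20, i.e. six
 *         4-byte slots in the caller's storage, so the values are written
 *         through the pointer rather than into a local array.
 *
 * Returns the sscanf result (number of fields converted), which is what the
 * disassembly leaves in eax at retq. Calls explode_bomb() when fewer than
 * six fields were converted.
 *
 * NOTE(review): the disassembled function receives the input line in %rdi;
 * reading it from stdin here is this sketch's own simplification.
 */
int read_six_num(int *numArr)
{
    char *cstring = NULL;
    size_t size = 0;
    int readOK;

    /* getline() returns -1 on EOF or error; the buffer must not be parsed then. */
    if (getline(&cstring, &size, stdin) == -1) {
        free(cstring);
        explode_bomb();
        return 0;
    }

    readOK = sscanf(cstring, "%d %d %d %d %d %d",
                    &numArr[0], &numArr[1], &numArr[2],
                    &numArr[3], &numArr[4], &numArr[5]);

    /* #if, not #ifdef: DEBUG_ON is always defined, its value is the switch. */
#if DEBUG_ON
    printf("Successfully read %d ", readOK);
#endif

    free(cstring);
    cstring = NULL;

    /* Mirrors `cmp $0x5,%eax; jg`: anything up to 5 fields is a failure. */
    if (readOK <= 5) {
        explode_bomb();
    }

    return readOK;
}

/*
 * C sketch of phase_2 as the answer's author reads it: the input passes when
 * its first three numbers equal its last three (numArr[i] == numArr[i + 3]).
 *
 * NOTE(review): the phase2 dump in the question contains cltd/idiv and
 * references to phase2 data, and its call targets (0x401dde, 0x40217d) differ
 * from the addresses in the annotated dump above. This loop does not model
 * that arithmetic, so it probably describes a different binary; verify
 * against your own disassembly.
 */
int phase_2(void)
{
    /* Zeroed so a short parse never leaves indeterminate values to compare. */
    int numArr[6] = {0};
    int i;

    read_six_num(numArr);

    for (i = 0; i < 3; i++) {
        if (numArr[i] != numArr[i + 3]) {
            explode_bomb();
        }
    }

    return 0;
}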
