these numbers represent intel syntax of 0x86 assembler to accesses memory
Dump of assembler code for function read_six_numbers:
; read_six_numbers, annotated. The listing is in AT&T syntax: source operand first,
; destination second, `$` marks an immediate and `%` a register.
; Arguments follow the System V AMD64 order: rdi, rsi, rdx, rcx, r8, r9, then the stack.
; %rdi is never written before the call, so sscanf parses whatever string the caller passed in.
; Every lea below computes an ADDRESS (no memory is read). The six %d destinations are
; the 4-byte slots at rsi+0 .. rsi+20, i.e. an int array owned by the caller.
0x0000000000401743 <+0>: sub $0x18,%rsp ; rsp = rsp - 24 (room for the two stack-passed arguments below)
0x0000000000401747 <+4>: mov %rsi,%rdx ; rdx = rsi (3rd sscanf arg: address of element 0)
0x000000000040174a <+7>: lea 0x4(%rsi),%rcx ; rcx = rsi + 4 (4th arg: address of element 1, not its value)
0x000000000040174e <+11>: lea 0x14(%rsi),%rax ; rax = rsi + 20 (address of element 5)
0x0000000000401752 <+15>: mov %rax,0x8(%rsp) ; *(rsp + 8) = rax (8th arg, passed on the stack)
0x0000000000401757 <+20>: lea 0x10(%rsi),%rax ; rax = rsi + 16 (address of element 4)
0x000000000040175b <+24>: mov %rax,(%rsp) ; *(rsp) = rax (7th arg, passed on the stack; rsp itself is unchanged)
0x000000000040175f <+28>: lea 0xc(%rsi),%r9 ; r9 = rsi + 12 (6th arg: address of element 3)
0x0000000000401763 <+32>: lea 0x8(%rsi),%r8 ; r8 = rsi + 8 (5th arg: address of element 2)
0x0000000000401767 <+36>: mov $0x401eb2,%esi ; esi = 0x401eb2, address of the format string "%d %d %d %d %d %d" (2nd arg)
0x000000000040176c <+41>: mov $0x0,%eax ; eax = 0 (%al = number of vector registers used by the variadic call: none)
0x0000000000401771 <+46>: callq 0x400ab0 <__isoc99_sscanf@plt> ; eax = sscanf(rdi, format, rsi+0, rsi+4, ..., rsi+20)
0x0000000000401776 <+51>: cmp $0x5,%eax ; compare the number of converted fields with 5
0x0000000000401779 <+54>: jg 0x401780 <read_six_numbers+61> ; signed: if (eax > 5) goto 0x401780, skipping explode_bomb
0x000000000040177b <+56>: callq 0x40163d <explode_bomb> ; reached only when fewer than 6 integers were converted
0x0000000000401780 <+61>: add $0x18,%rsp ; rsp = rsp + 24 (release the frame)
0x0000000000401784 <+65>: retq ; return; on the jg path eax still holds sscanf's return value
End of assembler dump.
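#define DEBUG_ON 0

/*
 * read_six_num - C reconstruction of read_six_numbers: parse six
 * whitespace-separated integers from one line of input.
 *
 * numArr: caller-owned array with room for at least 6 ints. The values
 *         are written straight into it, as the disassembly does through
 *         %rsi. (The earlier sketch declared a second, local numArr[6]
 *         that shadowed the parameter, so nothing reached the caller.)
 *
 * Returns the number of fields sscanf converted (6 on success).
 * explode_bomb() is called when fewer than six fields are converted or
 * when no line could be read.
 *
 * Notes against the disassembly:
 *  - The 24 bytes reserved by `sub $0x18,%rsp` are not the array. They
 *    hold the 7th and 8th sscanf arguments (&numArr[4] at rsp,
 *    &numArr[5] at rsp+8).
 *  - The real routine parses a string handed in by its caller (%rdi is
 *    passed through to sscanf untouched). This sketch reads the line
 *    from stdin itself so that it stays self-contained.
 *  - %d has undefined behavior for values that do not fit in an int;
 *    strict validation of untrusted input would need strtol() instead.
 */
int read_six_num(int numArr[])
{
    char *cstring = NULL;
    size_t size = 0;
    int readOK = 0;

    /*
     * getline() returns -1 on EOF or error. The buffer must not be
     * parsed in that case, but it still has to be freed.
     */
    if (getline(&cstring, &size, stdin) != -1) {
        readOK = sscanf(cstring, "%d %d %d %d %d %d",
                        &numArr[0], &numArr[1], &numArr[2],
                        &numArr[3], &numArr[4], &numArr[5]);
    }

    /* #if, not #ifdef: DEBUG_ON is defined as 0 and must disable this. */
#if DEBUG_ON
    printf("Successfully read %d ", readOK);
#endif

    free(cstring);
    cstring = NULL;

    /* Mirrors `cmp $0x5,%eax ; jg`: anything but a full six explodes. */
    if (readOK <= 5) {
        explode_bomb();
    }
    return readOK;
}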
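/*
 * phase_2 - the author's reconstruction of the second phase's check.
 *
 * Reads six integers and requires numArr[i] == numArr[i + 3] for
 * i = 0..2. Any mismatch calls explode_bomb().
 *
 * NOTE(review): the phase_2 disassembly is not shown on this page, so
 * the comparison is left exactly as the author wrote it and should be
 * confirmed against the real listing. The return value cannot be
 * recovered from the page either; 0 is a placeholder.
 */
int phase_2()
{
    int numArr[6];
    int i;

    /*
     * Pass the array itself. It decays to a pointer to numArr[0], which
     * is the base address the reader indexes in 4-byte steps. &numArr
     * would have type int (*)[6] instead.
     */
    read_six_num(numArr);

    for (i = 0; i < 3; i++) {
        if (numArr[i] != numArr[i + 3]) {
            explode_bomb();
        }
    }
    return 0;
}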
This is phase 2 of the bomb lab; I have no idea how to solve it.
Binary Bomb phase 4 Dump of assembler code for function phase_4: > 0x0000000000400fe7 <+0>: sub $0x18,%rsp 0x0000000000400feb <+4>: lea 0x8(%rsp),%rcx 0x0000000000400ff0 <+9>: lea 0xc(%rsp),%rdx 0x0000000000400ff5 <+14>: mov $0x40290d,%esi 0x0000000000400ffa <+19>: mov $0x0,%eax 0x0000000000400fff <+24>: callq 0x400c00 <__isoc99_sscanf@plt> 0x0000000000401004 <+29>: cmp $0x2,%eax 0x0000000000401007 <+32>: jne 0x401010 <phase_4+41> 0x0000000000401009 <+34>: cmpl $0xe,0xc(%rsp) 0x000000000040100e <+39>: jbe 0x401015 <phase_4+46> 0x0000000000401010 <+41>: callq 0x401662 <explode_bomb> 0x0000000000401015 <+46>: mov $0xe,%edx 0x000000000040101a <+51>: mov $0x0,%esi...
This is phase_5 of defusing a binary bomb. (Disass in x86 on a Linux system.) I am having trouble "debugging" this and figuring out what I need to enter to defuse this phase, but I am relatively sure I will need 6 inputs. Thanks in advance. Dump of assembler code for function phase_5: 0x00000000004011bf <+0>: push %rbx 0x00000000004011c0 <+1>: mov %rdi,%rbx 0x00000000004011c3 <+4>: callq 0x401414 <string_length> 0x00000000004011c8 <+9>: cmp $0x6,%eax //eax = 6? jump over explode 0x00000000004011cb <+12>: je 0x4011d2...