Binary Bomb phase 4
Dump of assembler code for function
phase_4:
> 0x0000000000400fe7 <+0>:
sub $0x18,%rsp
0x0000000000400feb <+4>:
lea 0x8(%rsp),%rcx
0x0000000000400ff0 <+9>:
lea 0xc(%rsp),%rdx
0x0000000000400ff5 <+14>:
mov $0x40290d,%esi
0x0000000000400ffa <+19>:
mov $0x0,%eax
0x0000000000400fff <+24>:
callq 0x400c00 <__isoc99_sscanf@plt>
0x0000000000401004 <+29>:
cmp $0x2,%eax
0x0000000000401007 <+32>:
jne 0x401010 <phase_4+41>
0x0000000000401009 <+34>:
cmpl $0xe,0xc(%rsp)
0x000000000040100e <+39>:
jbe 0x401015 <phase_4+46>
0x0000000000401010 <+41>:
callq 0x401662 <explode_bomb>
0x0000000000401015 <+46>:
mov $0xe,%edx
0x000000000040101a <+51>:
mov $0x0,%esi
0x000000000040101f <+56>:
mov 0xc(%rsp),%edi
0x0000000000401023 <+60>:
callq 0x400fb4 <func4>
0x0000000000401028 <+65>:
cmp $0x12,%eax
0x000000000040102b <+68>:
jne 0x401034 <phase_4+77>
0x000000000040102d <+70>:
cmpl $0x12,0x8(%rsp)
0x0000000000401032 <+75>:
je 0x401039 <phase_4+82>
0x0000000000401034 <+77>:
callq 0x401662 <explode_bomb>
0x0000000000401039 <+82>:
add $0x18,%rsp
0x000000000040103d <+86>:
retq
End of assembler dump.
(gdb) disassemble /m func4
Dump of assembler code for function func4:
0x0000000000400fb4 <+0>:
push %rbx
0x0000000000400fb5 <+1>:
mov %edx,%eax
0x0000000000400fb7 <+3>:
sub %esi,%eax
0x0000000000400fb9 <+5>:
mov %eax,%ebx
0x0000000000400fbb <+7>:
shr $0x1f,%ebx
0x0000000000400fbe <+10>:
add %ebx,%eax
0x0000000000400fc0 <+12>:
sar %eax
0x0000000000400fc2 <+14>:
lea (%rax,%rsi,1),%ebx
0x0000000000400fc5 <+17>:
cmp %edi,%ebx
0x0000000000400fc7 <+19>:
jle 0x400fd5 <func4+33>
0x0000000000400fc9 <+21>:
lea -0x1(%rbx),%edx
0x0000000000400fcc <+24>:
callq 0x400fb4 <func4>
0x0000000000400fd1 <+29>:
add %ebx,%eax
0x0000000000400fd3 <+31>:
jmp 0x400fe5 <func4+49>
0x0000000000400fd5 <+33>:
mov %ebx,%eax
0x0000000000400fd7 <+35>:
cmp %edi,%ebx
0x0000000000400fd9 <+37>:
jge 0x400fe5 <func4+49>
0x0000000000400fdb <+39>:
lea 0x1(%rbx),%esi
0x0000000000400fde <+42>:
callq 0x400fb4 <func4>
0x0000000000400fe3 <+47>:
add %ebx,%eax
0x0000000000400fe5 <+49>:
pop %rbx
0x0000000000400fe6 <+50>:
retq
End of assembler dump.
So what is the answer for bomb 4. Is it 0 7 ?
#include "trim.h"
namespace generic {
std::string trim_right(const std::string& s) {
std::string::size_type e = s.find_last_not_of(" \t\n\r\f");
return std::string(s, 0, e == std::string::npos ? 0 : e + 1);
}
std::string trim_left(const std::string& s) {
std::string::size_type b = s.find_first_not_of(" \t\n\r\f");
return std::string(s, b == std::string::npos ? 0 : b, std::string::npos);
}
std::string trim(const std::string& s) {
const char* ws = " \t\n\r\f";
std::string::size_type e = s.find_last_not_of(ws);
std::string::size_type b = s.find_first_not_of(ws);
if (b == std::string::npos) { b = 0; }
return std::string(s, b, e == std::string::npos ? 0 : e - b + 1);
}
}
Binary Bomb phase 4 Dump of assembler code for function phase_4: > 0x0000000000400fe7 <+0>: sub $0x18,%rsp...
This is phase_5 of defusing a binary bomb. (Disass in x86 on a Linux system.) I am having trouble "debugging" this and figuring out what I need to enter to defuse this phase, but I am relatively sure I will need 6 inputs. Thanks in advance. Dump of assembler code for function phase_5: 0x00000000004011bf <+0>: push %rbx 0x00000000004011c0 <+1>: mov %rdi,%rbx 0x00000000004011c3 <+4>: callq 0x401414 <string_length> 0x00000000004011c8 <+9>: cmp $0x6,%eax //eax = 6? jump over explode 0x00000000004011cb <+12>: je 0x4011d2...
Below is the disassembled code. PLease help me to defuse the binary bomb phase_4 so the right input should be 6 numbers with a certain pattern 08048cdb <phase_4>: 8048cdb: 53 push %ebx 8048cdc: 83 ec 38 sub $0x38,%esp 8048cdf: 8d 44 24 18 lea 0x18(%esp),%eax 8048ce3: 89 44 24 04 mov %eax,0x4(%esp) 8048ce7: 8b 44 24 40 mov 0x40(%esp),%eax 8048ceb: 89 04 24 mov %eax,(%esp) 8048cee: e8 11 07 00 00 call 8049404 <read_six_numbers> 8048cf3: 83 7c 24 18 00 cmpl...
This is the bomb lab phase2, I just have no idea on how to solve it. I know the answer is a six number array, I want to know what numbers they are? 6x00000000004015d7<+136> : pop %rbx 0x00000000004015d8 <+137>: retq of assembler dump. b) stepi 00401572 in phase2 ) db) disas mp of assenbler code for function phase2: %rbx $0x20,%rsp %fs:0x28,%rax %rax,0x18(%rsp) %eax , %eax %rsp,Krst 0x000000000040154f <+0>: 0x0000000000401550 <+1>: 0x0000000000401554 <+5>: push sub nov 6x000000000040155d <+14s: <+19> : 21»:...
I need help finding the input that wont result in explode_bomb in this assembly 08048cd3 <phase_4>: 8048cd3: 57 push %edi 8048cd4: 56 push %esi 8048cd5: 53 push %ebx 8048cd6: 83 ec 10 sub $0x10,%esp 8048cd9: 8b 74 24 20 mov 0x20(%esp),%esi 8048cdd: 89 34 24 mov %esi,(%esp) 8048ce0: e8 f6 03 00 00 call 80490db <string_length> 8048ce5: 83 c0 01 add $0x1,%eax 8048ce8: 89 04 24 mov %eax,(%esp) 8048ceb: e8 10 fb ff ff call 8048800 <malloc@plt> 8048cf0: 89 c7...
Below is the disassembled code. PLease help me to defuse the binary bomb phase_7 08048e88 <phase_7>: 8048e88: 83 ec 2c sub $0x2c,%esp 8048e8b: 8d 44 24 18 lea 0x18(%esp),%eax 8048e8f: 89 44 24 0c mov %eax,0xc(%esp) 8048e93: 8d 44 24 1c lea 0x1c(%esp),%eax 8048e97: 89 44 24 08 mov %eax,0x8(%esp) 8048e9b: c7 44 24 04 61 a6 04 movl $0x804a661,0x4(%esp) 8048ea2: 08 8048ea3: 8b 44 24 30 mov 0x30(%esp),%eax 8048ea7: 89 04 24 mov %eax,(%esp) 8048eaa: e8 c1 f9 ff...
Understanding assembly language: The assembly language for cars() is: (gdb) disass cars Dump of assembler code for function vanilla: 0x00000000004004cd <+0>: push %rbp 0x00000000004004ce <+1>: mov %rsp,%rbp 0x00000000004004d1 <+4>: mov %edi,-0x14(%rbp) 0x00000000004004d4 <+7>: mov -0x14(%rbp),%eax 0x00000000004004d7 <+10>: add %eax,%eax 0x00000000004004d9 <+12>: mov %eax,-0x4(%rbp) 0x00000000004004dc <+15>: mov -0x4(%rbp),%eax 0x00000000004004df <+18>: mov -0x14(%rbp),%edx 0x00000000004004e2 <+21>: add %edx,%eax 0x00000000004004e4 <+23>: pop %rbp 0x00000000004004e5 <+24>: retq End of assembler dump. Give a 1-2...
Please explain the table solution. The red answers are correct. Please explain step by step why 5) Mutually assured instruction. (10 pts) a) First, deduce the following functions. (4pts) 000000000000064a <func1>: 64a: 48 83 ec 18 sub $0x18,%rsp 64e: 89 70 24 OC mov %edi, oxc(%rsp) 652: 83 70 24 Oc 00 cmpl $0x0, xc(%rsp) 657: 75 07 jne 660 <func1+0x16> 659: b8 01 00 00 00 mov $0x1,%eax 65e: ebbe jmp 66e <func1+0x24> 660: 85 44 24 Oc mov...
The following problem concerns the following, low-quality code: void foo(int x) { int a[3]; char buf[1]; a[1] = x; a[2] = 0xA0B1C2D3; gets(buf); printf("a[0] = 0x%x, a[2] = 0x%x, buf = %s\n", a[0], a[2], buf); } In a program containing this code, procedure foo has the following disassembled form on an x86/64 machine: 000000000040057d <foo>: 40057d: push %rbp 40057e: mov %rsp,%rbp 400581: sub $0x30,%rsp 400585: mov %edi,-0x24(%rbp) 400588: mov -0x24(%rbp),%eax 40058b: mov %eax,-0xc(%rbp) 40058e: movl $0xa0b1c2d3,-0x8(%rbp) 400595: lea -0x11(%rbp),%rax 400599:...
X86 Assembly Language Help to implement the CipherChar Procedure at the end of the given code INCLUDE Irvine32.inc .data KeyPrompt BYTE "Enter the passphrase: ",0 TextPrompt BYTE "Enter the plaintest: ",0 str1 BYTE "The passphrase has length:",0 str2 BYTE "The plaintest has length:",0 KeyIs BYTE "The passphrase: ",0 PlainTextIs BYTE "The plaintext: ",0 CipherTextIs BYTE "The ciphertext: ",0 KMAX = 64 ; passphrase buffer maximum size BMAX = 128 ; test...