C++

Forum

 
ok what I am missin in this bomb assignment.

uscuba2 (30)
I have to figure out that 6 inputs are to keep the bom from going off.I print $eax which is 6 and then print $edx which is 2. If I do cont the "bomb" goes off. But $eax and $edx never change for 6 and 2. What I am doing wrong?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
0x0804885c <phase_2+0>: push   %ebp
0x0804885d <phase_2+1>: mov    %esp,%ebp
0x0804885f <phase_2+3>: sub    $0x28,%esp
0x08048862 <phase_2+6>: lea    0xffffffe4(%ebp),%eax
0x08048865 <phase_2+9>: mov    %eax,0x4(%esp)
0x08048869 <phase_2+13>:        mov    0x8(%ebp),%eax
0x0804886c <phase_2+16>:        mov    %eax,(%esp)
0x0804886f <phase_2+19>:        call   0x8048dac <read_six_numbers>
0x08048874 <phase_2+24>:        movl   $0x1,0xfffffffc(%ebp)
0x0804887b <phase_2+31>:        jmp    0x804889e <phase_2+66>
0x0804887d <phase_2+33>:        mov    0xfffffffc(%ebp),%eax
0x08048880 <phase_2+36>:        mov    0xffffffe4(%ebp,%eax,4),%edx
0x08048884 <phase_2+40>:        mov    0xfffffffc(%ebp),%eax
0x08048887 <phase_2+43>:        sub    $0x1,%eax
0x0804888a <phase_2+46>:        mov    0xffffffe4(%ebp,%eax,4),%eax
0x0804888e <phase_2+50>:        add    $0x5,%eax
0x08048891 <phase_2+53>:        cmp    %eax,%edx
0x08048893 <phase_2+55>:        je     0x804889a <phase_2+62>
0x08048895 <phase_2+57>:        call   0x804906c <explode_bomb>
0x0804889a <phase_2+62>:        addl   $0x1,0xfffffffc(%ebp)
0x0804889e <phase_2+66>:        cmpl   $0x5,0xfffffffc(%ebp)
0x080488a2 <phase_2+70>:        jle    0x804887d <phase_2+33>
0x080488a4 <phase_2+72>:        leave
0x080488a5 <phase_2+73>:        ret
End of assembler dump.
(gdb) 

(gdb) break *0x08048891
Breakpoint 1 at 0x8048891
(gdb) print $eax
No registers.
(gdb) run
Starting program: /home//hw4bomb/bomb/bomb
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Welcome to my fiendish little bomb. You have 6 phases with
which to blow yourself up. Have a nice day!
This bomb is easy to solve.
Phase 1 defused. How about the next one?
1 2 3 4 5 6

Breakpoint 1, 0x08048891 in phase_2 ()
(gdb)

Last edited on
PanGalactic (1658)
So, somebody is going to try to convince me that this is appropriate discussion for the beginner C++ forum because to truly appreciate the power of C++ you have to master C and x86 assembly. But I really don't buy it. I don't think this is the appropriate forum for your question.
uscuba2 (30)
Ok, what would be?I thought this was for beginners. I was not asking for someone tell me the answer. I was asking if I was taking the right approach. But I figured it once I got $eax to equal 11. It was $edx always being 2 that was messing me up.
Duthomhas (13148)
I understand seeing C code, and even the occasional, wayward C# posting, but this is a random x86 assembly dump with no useful information, let alone context.

I presume you are actually coding this program in C or C++, seeing as it does much more than that little snippit of assembly, and the words "C++" and "cplusplus" are plastered all over this page and your browser. Care to share with us some actual source code? And a little more about what 1) it should do and 2) it is doing?
Hammurabi (399)
Do you think we're mind readers? Put a little effort into your explanation!

At any rate, a quick google (search terms: 6 input bomb) reveals the assignment:

http://209.85.173.132/search?q=cache:57VlQNXbA_0J:www.lst.inf.ethz.ch/teaching/lectures/hs08/51/homework/hw06/hw6-bomblab.pdf

So he does not have the (full) C source.
kbw (9488)
That's a cool assignment. They weren't like that in my day.
jsmith (5804)
This is easy.

Hints:


0xfffffffc(%ebp) is a for loop counter that is initialized at phase_2+24 and whose terminating condition is checked at phase_2+66 and which is incremented at phase_2+62.

0xffffffe4(%ebp) is a pointer to an array of 6 integers that is used as the "password" to match.

the user input is mucked with a bit and then compared with the password somewhere between phase_2+31 and phase_2+57. (i won't say where exactly as this will give you the solution outright).


Just set a breakpoint on phase_2+57 so that explode_bomb is never called.

[if you are really good, you could safely modify the executable to replace the call to explode_bomb with a call to abort. To do this, however, in case there are other booby traps in the calling functions that, say, check the CRC of the executable to ensure it hasn't been tampered with, you would need to keep the original executable around, then write another program that exec()s your modified program but sets argv[0] to point to the original executable. This will circumvent the CRC check.]

I do like this assignment. I wish mine would have been that fun.
Topic archived. No new replies allowed.