
Binary bomb lab phase 2. Creating the loop from assembly code

sourav asked 5 months ago

I have a general understanding of phase 2 for the binary bomb project but can’t work out the technical details. After adding a GDB breakpoint to stop the execution when phase_2 is reached, a disassembly (Linux command disas) outputs:

Dump of assembler code for function phase_2:
=> 0x000000000040109f <+0>:	push   %rbp
   0x00000000004010a0 <+1>:	push   %rbx
   0x00000000004010a1 <+2>:	sub    $0x28,%rsp
   0x00000000004010a5 <+6>:	mov    %rsp,%rsi
   0x00000000004010a8 <+9>:	callq  0x401445 <read_six_numbers>
   0x00000000004010ad <+14>:	cmpl   $0x1,(%rsp)
   0x00000000004010b1 <+18>:	je     0x4010b8 <phase_2+25>
   0x00000000004010b3 <+20>:	callq  0x40140f <explode_bomb>
   0x00000000004010b8 <+25>:	mov    %rsp,%rbp
   0x00000000004010bb <+28>:	lea    0x4(%rsp),%rbx
   0x00000000004010c0 <+33>:	add    $0x18,%rbp
   0x00000000004010c4 <+37>:	mov    -0x4(%rbx),%eax
   0x00000000004010c7 <+40>:	add    %eax,%eax
   0x00000000004010c9 <+42>:	cmp    %eax,(%rbx)
   0x00000000004010cb <+44>:	je     0x4010d2 <phase_2+51>
   0x00000000004010cd <+46>:	callq  0x40140f <explode_bomb>
   0x00000000004010d2 <+51>:	add    $0x4,%rbx
   0x00000000004010d6 <+55>:	cmp    %rbp,%rbx
   0x00000000004010d9 <+58>:	jne    0x4010c4 <phase_2+37>
   0x00000000004010db <+60>:	add    $0x28,%rsp
   0x00000000004010df <+64>:	pop    %rbx
   0x00000000004010e0 <+65>:	pop    %rbp
   0x00000000004010e1 <+66>:	retq   
End of assembler dump.

For testing purposes, I entered 1 2 3 4 5 6 for phase two. I can see that the comparison at memory address 0x00000000004010ad <+14> compares the value 1 to the first integer value generated from read_six_numbers(), which is one in this case, and then jumps over explode_bomb() after the comparison results in a true statement. I can also see that the value 1 gets added to itself at memory address 0x00000000004010c7 <+40>. After that, the only thing I can clearly see is that it is a loop which gets sent back to address 0x00000000004010c4 <+37>, but I can’t quite determine the exact algorithm that creates this sequence of assembly code.
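A C reconstruction of the loop in the disassembly above, added here as an example (it is not the lab's own source). read_six_numbers is replaced by a caller-supplied array of six ints, and explode_bomb by returning false, so the check can be run on any sequence offline.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Reconstruction of phase_2 from the disassembly. The 0x28-byte frame holds
 * six 4-byte ints written by read_six_numbers, with %rsp pointing at a[0].
 * explode_bomb is modelled as "return false". */
static bool phase_2_check(const int32_t a[6])
{
    /* +14: cmpl $0x1,(%rsp) -> the first number must be exactly 1 */
    if (a[0] != 1)
        return false;                     /* +20: explode_bomb */

    /* +25..+33: %rbp = %rsp + 0x18 (one past a[5]), %rbx = %rsp + 4 (&a[1]) */
    const int32_t *rbx = &a[1];
    const int32_t *rbp = &a[6];           /* 0x18 bytes / 4 bytes per int = 6 */

    do {
        /* +37: %eax = -0x4(%rbx), the previous element; +40: add %eax,%eax
         * (unsigned arithmetic so wraparound matches the 32-bit register) */
        uint32_t eax = (uint32_t)rbx[-1];
        eax += eax;
        /* +42/+44: current element must equal twice the previous one */
        if ((uint32_t)*rbx != eax)
            return false;                 /* +46: explode_bomb */
        rbx++;                            /* +51: add $0x4,%rbx */
    } while (rbx != rbp);                 /* +55/+58: loop until %rbx == %rbp */

    return true;                          /* +60..+66: epilogue, phase passed */
}

int main(void)
{
    /* Constructed sample input: the sequence the asker tried. */
    const int32_t tried[6] = {1, 2, 3, 4, 5, 6};
    printf("1 2 3 4 5 6 -> %s\n", phase_2_check(tried) ? "defused" : "explodes");
    return 0;
}
```

Each element of the accepted input must be double its predecessor, starting from 1, so a[i] == 2 * a[i-1] for i in 1..5 is the invariant the loop enforces.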

1 Answer
Best Answer
Arben answered 5 months ago