BINARY BOMB LAB
Introduction
This project is a common project for anyone in a computer architecture course or anyone who needs to understand how assembly language works in tandem with computer code.
I go forth with the following assumptions:
- The reader is working with a 32-bit system
- Or the user is working with Linux/Ubuntu
- The user has the gcc compiler and the gdb debugger
- The bomb that I was given was given as a .tar file, which contained 3 files:
The README file contains some (useless) information about the bomb, like the id of the bomb.
There are 3 useful files you can create from the bomb.c file.
Create a strings file containing all the bomb strings.
Create an assembly file containing all of the assembly code for the bomb.
Create a symbols file containing all the symbols for the bomb.
$ objdump -d bomb > bomb-assembly
$ objdump -t bomb > bomb-symbols
$ strings bomb > bomb-strings
Now take a look at the assembly file and the strings file. Both of these will end up being very useful for defusing your bomb. The assembly file basically contains all of the required assembly code for each phase.
The strings file can give you a good idea of what strings might work without having to work too hard.
That being said, from the strings file that I have, these strings are the ones that stand out the most.
Welcome to my fiendish little bomb. You have 9 phases with
which to blow yourself up. Have a nice day!
Phase 1 defused. How about the next one?
That's number 2. Keep going!
One step closer.
Good work! On to the next...
One more!
So you got that one. Try this one.
Impressive, but how about this?
Good, but you're not done yet.
So you think you can stop the bomb with ctrl-c, do you?
devils
When I get angry, Mr. Bigglesworth gets upset.
Border relations with Canada have never been better.
maduiersnfotvbyl
Then I took a look at the assembly code, especially the main function. I do this because I need to set breakpoints wherever the function calls each bomb phase.
08048abd <main>:
...
 8048b6f:  e8 30 0a 00 00    call   80495a4 <read_line>
 8048b74:  89 04 24          mov    %eax,(%esp)
 8048b7c:  e8 1d 0b 00 00    call   804969e <phase_defused>
...
 8048b95:  e8 2a 01 00 00    call   8048cc4 <phase_2>
 8048b9a:  e8 ff 0a 00 00    call   804969e <phase_defused>
...
 8048bb3:  e8 30 01 00 00    call   8048ce8 <phase_3>
 8048bb8:  e8 e1 0a 00 00    call   804969e <phase_defused>
...
 8048bd1:  e8 ab 01 00 00    call   8048d81 <phase_4>
 8048bd6:  e8 c3 0a 00 00    call   804969e <phase_defused>
...
 8048bef:  e8 e6 01 00 00    call   8048dda <phase_5>
 8048bf4:  e8 a5 0a 00 00    call   804969e <phase_defused>
...
 8048c0d:  e8 e7 02 00 00    call   8048ef9 <phase_6>
 8048c12:  e8 87 0a 00 00    call   804969e <phase_defused>
...
 8048c2b:  e8 32 03 00 00    call   8048f62 <phase_7>
 8048c30:  e8 69 0a 00 00    call   804969e <phase_defused>
...
 8048c49:  e8 9e 03 00 00    call   8048fec <phase_8>
 8048c4e:  e8 4b 0a 00 00    call   804969e <phase_defused>
...
 8048c67:  e8 a5 04 00 00    call   8049111 <phase_9>
 8048c6c:  e8 2d 0a 00 00    call   804969e <phase_defused>
So now you can see all the phases and the calls for defusing the bomb in the main function. To defuse the first bomb, we must go to the first phase!
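As an added example (not code from the original post), this Python script reads an objdump -d listing such as bomb-assembly, finds the phase_N calls inside main, re-derives each target from the e8 rel32 bytes, and emits a gdb breakpoint for every call site. The names phase_calls, rel32_target and gdb_commands are my own; SAMPLE is retyped from the listing above.

```python
import re

# Retyped from the main() listing above (address, raw bytes, instruction).
SAMPLE = """\
08048abd <main>:
 8048b6f:  e8 30 0a 00 00    call   80495a4 <read_line>
 8048b74:  89 04 24          mov    %eax,(%esp)
 8048b7c:  e8 1d 0b 00 00    call   804969e <phase_defused>
 8048b95:  e8 2a 01 00 00    call   8048cc4 <phase_2>
 8048b9a:  e8 ff 0a 00 00    call   804969e <phase_defused>
 8048bb3:  e8 30 01 00 00    call   8048ce8 <phase_3>
"""

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:\s*$")
CALL_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)\s*call\s+([0-9a-f]+) <(phase_\d+)>")

def rel32_target(site, raw):
    """Decode a near call: opcode e8 + signed little-endian 32-bit offset,
    measured from the address of the next instruction."""
    if len(raw) != 5 or raw[0] != 0xE8:
        raise ValueError(f"not an e8 rel32 call at 0x{site:x}")
    return (site + 5 + int.from_bytes(raw[1:], "little", signed=True)) & 0xFFFFFFFF

def phase_calls(disasm, func="main"):
    """Return (symbol, call_site, target) for each phase_N call inside func."""
    found, inside = [], False
    for line in disasm.splitlines():
        header = FUNC_RE.match(line)
        if header:
            inside = header.group(1) == func
            continue
        m = CALL_RE.match(line) if inside else None
        if not m:
            continue
        site, printed = int(m.group(1), 16), int(m.group(3), 16)
        target = rel32_target(site, bytes.fromhex(m.group(2)))
        if target != printed:  # listing was edited or mis-copied
            raise ValueError(f"bytes at 0x{site:x} decode to 0x{target:x}")
        found.append((m.group(4), site, target))
    return found

def gdb_commands(calls):
    """gdb breakpoints on the call sites in main, one per phase."""
    return [f"break *0x{site:x}" for _sym, site, _target in calls]

if __name__ == "__main__":
    print("\n".join(gdb_commands(phase_calls(SAMPLE))))
```

On a real bomb, pass the contents of bomb-assembly to phase_calls instead of SAMPLE and paste the printed lines into gdb.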