Question

defuse binary bomb

Asked by: dminh01

I have a homework in which I have to disassembler the code and figure out how to defuse the bomb. Can anyone help please

thanks

bomb-quiet:     file format elf32-i386

Disassembly of section .init:

08048718 <_init>:
 8048718:      55                         push   %ebp
 8048719:      89 e5                      mov    %esp,%ebp
 804871b:      83 ec 08                   sub    $0x8,%esp
 804871e:      e8 11 02 00 00             call   8048934 <call_gmon_start>
 8048723:      e8 64 02 00 00             call   804898c <frame_dummy>
 8048728:      e8 a3 0d 00 00             call   80494d0 <__do_global_ctors_aux>
 804872d:      c9                         leave  
 804872e:      c3                         ret    
Disassembly of section .plt:

08048730 <close@plt-0x10>:
 8048730:      ff 35 e4 a0 04 08          pushl  0x804a0e4
 8048736:      ff 25 e8 a0 04 08          jmp    *0x804a0e8
 804873c:      00 00                      add    %al,(%eax)
      ...

08048740 <close@plt>:
 8048740:      ff 25 ec a0 04 08          jmp    *0x804a0ec
 8048746:      68 00 00 00 00             push   $0x0
 804874b:      e9 e0 ff ff ff             jmp    8048730 <_init+0x18>

08048750 <fprintf@plt>:
 8048750:      ff 25 f0 a0 04 08          jmp    *0x804a0f0
 8048756:      68 08 00 00 00             push   $0x8
 804875b:      e9 d0 ff ff ff             jmp    8048730 <_init+0x18>

08048760 <tmpfile@plt>:
 8048760:      ff 25 f4 a0 04 08          jmp    *0x804a0f4
 8048766:      68 10 00 00 00             push   $0x10
 804876b:      e9 c0 ff ff ff             jmp    8048730 <_init+0x18>

08048770 <getenv@plt>:
 8048770:      ff 25 f8 a0 04 08          jmp    *0x804a0f8
 8048776:      68 18 00 00 00             push   $0x18
 804877b:      e9 b0 ff ff ff             jmp    8048730 <_init+0x18>

08048780 <signal@plt>:
 8048780:      ff 25 fc a0 04 08          jmp    *0x804a0fc
 8048786:      68 20 00 00 00             push   $0x20
 804878b:      e9 a0 ff ff ff             jmp    8048730 <_init+0x18>

08048790 <fflush@plt>:
 8048790:      ff 25 00 a1 04 08          jmp    *0x804a100
 8048796:      68 28 00 00 00             push   $0x28
 804879b:      e9 90 ff ff ff             jmp    8048730 <_init+0x18>

080487a0 <bcopy@plt>:
 80487a0:      ff 25 04 a1 04 08          jmp    *0x804a104
 80487a6:      68 30 00 00 00             push   $0x30
 80487ab:      e9 80 ff ff ff             jmp    8048730 <_init+0x18>

080487b0 <rewind@plt>:
 80487b0:      ff 25 08 a1 04 08          jmp    *0x804a108
 80487b6:      68 38 00 00 00             push   $0x38
 80487bb:      e9 70 ff ff ff             jmp    8048730 <_init+0x18>

080487c0 <system@plt>:
 80487c0:      ff 25 0c a1 04 08          jmp    *0x804a10c
 80487c6:      68 40 00 00 00             push   $0x40
 80487cb:      e9 60 ff ff ff             jmp    8048730 <_init+0x18>

080487d0 <puts@plt>:
 80487d0:      ff 25 10 a1 04 08          jmp    *0x804a110
 80487d6:      68 48 00 00 00             push   $0x48
 80487db:      e9 50 ff ff ff             jmp    8048730 <_init+0x18>

080487e0 <fgets@plt>:
 80487e0:      ff 25 14 a1 04 08          jmp    *0x804a114
 80487e6:      68 50 00 00 00             push   $0x50
 80487eb:      e9 40 ff ff ff             jmp    8048730 <_init+0x18>

080487f0 <sleep@plt>:
 80487f0:      ff 25 18 a1 04 08          jmp    *0x804a118
 80487f6:      68 58 00 00 00             push   $0x58
 80487fb:      e9 30 ff ff ff             jmp    8048730 <_init+0x18>

08048800 <__strtol_internal@plt>:
 8048800:      ff 25 1c a1 04 08          jmp    *0x804a11c
 8048806:      68 60 00 00 00             push   $0x60
 804880b:      e9 20 ff ff ff             jmp    8048730 <_init+0x18>

08048810 <fputc@plt>:
 8048810:      ff 25 20 a1 04 08          jmp    *0x804a120
 8048816:      68 68 00 00 00             push   $0x68
 804881b:      e9 10 ff ff ff             jmp    8048730 <_init+0x18>

08048820 <__libc_start_main@plt>:
 8048820:      ff 25 24 a1 04 08          jmp    *0x804a124
 8048826:      68 70 00 00 00             push   $0x70
 804882b:      e9 00 ff ff ff             jmp    8048730 <_init+0x18>

08048830 <printf@plt>:
 8048830:      ff 25 28 a1 04 08          jmp    *0x804a128
 8048836:      68 78 00 00 00             push   $0x78
 804883b:      e9 f0 fe ff ff             jmp    8048730 <_init+0x18>

08048840 <fclose@plt>:
 8048840:      ff 25 2c a1 04 08          jmp    *0x804a12c
 8048846:      68 80 00 00 00             push   $0x80
 804884b:      e9 e0 fe ff ff             jmp    8048730 <_init+0x18>

08048850 <gethostbyname@plt>:
 8048850:      ff 25 30 a1 04 08          jmp    *0x804a130
 8048856:      68 88 00 00 00             push   $0x88
 804885b:      e9 d0 fe ff ff             jmp    8048730 <_init+0x18>

08048860 <exit@plt>:
 8048860:      ff 25 34 a1 04 08          jmp    *0x804a134
 8048866:      68 90 00 00 00             push   $0x90
 804886b:      e9 c0 fe ff ff             jmp    8048730 <_init+0x18>

08048870 <sscanf@plt>:
 8048870:      ff 25 38 a1 04 08          jmp    *0x804a138
 8048876:      68 98 00 00 00             push   $0x98
 804887b:      e9 b0 fe ff ff             jmp    8048730 <_init+0x18>

08048880 <connect@plt>:
 8048880:      ff 25 3c a1 04 08          jmp    *0x804a13c
 8048886:      68 a0 00 00 00             push   $0xa0
 804888b:      e9 a0 fe ff ff             jmp    8048730 <_init+0x18>

08048890 <fopen@plt>:
 8048890:      ff 25 40 a1 04 08          jmp    *0x804a140
 8048896:      68 a8 00 00 00             push   $0xa8
 804889b:      e9 90 fe ff ff             jmp    8048730 <_init+0x18>

080488a0 <dup@plt>:
 80488a0:      ff 25 44 a1 04 08          jmp    *0x804a144
 80488a6:      68 b0 00 00 00             push   $0xb0
 80488ab:      e9 80 fe ff ff             jmp    8048730 <_init+0x18>

080488b0 <sprintf@plt>:
 80488b0:      ff 25 48 a1 04 08          jmp    *0x804a148
 80488b6:      68 b8 00 00 00             push   $0xb8
 80488bb:      e9 70 fe ff ff             jmp    8048730 <_init+0x18>

080488c0 <fwrite@plt>:
 80488c0:      ff 25 4c a1 04 08          jmp    *0x804a14c
 80488c6:      68 c0 00 00 00             push   $0xc0
 80488cb:      e9 60 fe ff ff             jmp    8048730 <_init+0x18>

080488d0 <socket@plt>:
 80488d0:      ff 25 50 a1 04 08          jmp    *0x804a150
 80488d6:      68 c8 00 00 00             push   $0xc8
 80488db:      e9 50 fe ff ff             jmp    8048730 <_init+0x18>

080488e0 <__ctype_b_loc@plt>:
 80488e0:      ff 25 54 a1 04 08          jmp    *0x804a154
 80488e6:      68 d0 00 00 00             push   $0xd0
 80488eb:      e9 40 fe ff ff             jmp    8048730 <_init+0x18>

080488f0 <cuserid@plt>:
 80488f0:      ff 25 58 a1 04 08          jmp    *0x804a158
 80488f6:      68 d8 00 00 00             push   $0xd8
 80488fb:      e9 30 fe ff ff             jmp    8048730 <_init+0x18>

08048900 <strcpy@plt>:
 8048900:      ff 25 5c a1 04 08          jmp    *0x804a15c
 8048906:      68 e0 00 00 00             push   $0xe0
 804890b:      e9 20 fe ff ff             jmp    8048730 <_init+0x18>
Disassembly of section .text:

08048910 <_start>:
 8048910:      31 ed                      xor    %ebp,%ebp
 8048912:      5e                         pop    %esi
 8048913:      89 e1                      mov    %esp,%ecx
 8048915:      83 e4 f0                   and    $0xfffffff0,%esp
 8048918:      50                         push   %eax
 8048919:      54                         push   %esp
 804891a:      52                         push   %edx
 804891b:      68 8c 94 04 08             push   $0x804948c
 8048920:      68 38 94 04 08             push   $0x8049438
 8048925:      51                         push   %ecx
 8048926:      56                         push   %esi
 8048927:      68 b8 89 04 08             push   $0x80489b8
 804892c:      e8 ef fe ff ff             call   8048820 <__libc_start_main@plt>
 8048931:      f4                         hlt    
 8048932:      90                         nop    
 8048933:      90                         nop    

08048934 <call_gmon_start>:
 8048934:      55                         push   %ebp
 8048935:      89 e5                      mov    %esp,%ebp
 8048937:      53                         push   %ebx
 8048938:      e8 00 00 00 00             call   804893d <call_gmon_start+0x9>
 804893d:      5b                         pop    %ebx
 804893e:      81 c3 a3 17 00 00          add    $0x17a3,%ebx
 8048944:      52                         push   %edx
 8048945:      8b 83 fc ff ff ff          mov    0xfffffffc(%ebx),%eax
 804894b:      85 c0                      test   %eax,%eax
 804894d:      74 02                      je     8048951 <call_gmon_start+0x1d>
 804894f:      ff d0                      call   *%eax
 8048951:      58                         pop    %eax
 8048952:      5b                         pop    %ebx
 8048953:      c9                         leave  
 8048954:      c3                         ret    
 8048955:      90                         nop    
 8048956:      90                         nop    
 8048957:      90                         nop    

08048958 <__do_global_dtors_aux>:
 8048958:      55                         push   %ebp
 8048959:      89 e5                      mov    %esp,%ebp
 804895b:      83 ec 08                   sub    $0x8,%esp
 804895e:      80 3d 68 a8 04 08 00       cmpb   $0x0,0x804a868
 8048965:      74 0f                      je     8048976 <__do_global_dtors_aux+0x1e>
 8048967:      eb 1f                      jmp    8048988 <__do_global_dtors_aux+0x30>
 8048969:      8d 76 00                   lea    0x0(%esi),%esi
 804896c:      83 c0 04                   add    $0x4,%eax
 804896f:      a3 68 a1 04 08             mov    %eax,0x804a168
 8048974:      ff d2                      call   *%edx
 8048976:      a1 68 a1 04 08             mov    0x804a168,%eax
 804897b:      8b 10                      mov    (%eax),%edx
 804897d:      85 d2                      test   %edx,%edx
 804897f:      75 eb                      jne    804896c <__do_global_dtors_aux+0x14>
 8048981:      c6 05 68 a8 04 08 01       movb   $0x1,0x804a868
 8048988:      c9                         leave  
 8048989:      c3                         ret    
 804898a:      89 f6                      mov    %esi,%esi

0804898c <frame_dummy>:
 804898c:      55                         push   %ebp
 804898d:      89 e5                      mov    %esp,%ebp
 804898f:      83 ec 08                   sub    $0x8,%esp
 8048992:      a1 10 a0 04 08             mov    0x804a010,%eax
 8048997:      85 c0                      test   %eax,%eax
 8048999:      74 19                      je     80489b4 <frame_dummy+0x28>
 804899b:      b8 00 00 00 00             mov    $0x0,%eax
 80489a0:      85 c0                      test   %eax,%eax
 80489a2:      74 10                      je     80489b4 <frame_dummy+0x28>
 80489a4:      83 ec 0c                   sub    $0xc,%esp
 80489a7:      68 10 a0 04 08             push   $0x804a010
 80489ac:      ff d0                      call   *%eax
 80489ae:      83 c4 10                   add    $0x10,%esp
 80489b1:      8d 76 00                   lea    0x0(%esi),%esi
 80489b4:      c9                         leave  
 80489b5:      c3                         ret    
 80489b6:      90                         nop    
 80489b7:      90                         nop    

080489b8 <main>:
 80489b8:      55                         push   %ebp
 80489b9:      89 e5                      mov    %esp,%ebp
 80489bb:      53                         push   %ebx
 80489bc:      83 ec 04                   sub    $0x4,%esp
 80489bf:      8b 45 08                   mov    0x8(%ebp),%eax
 80489c2:      8b 5d 0c                   mov    0xc(%ebp),%ebx
 80489c5:      83 e4 f0                   and    $0xfffffff0,%esp
 80489c8:      83 ec 10                   sub    $0x10,%esp
 80489cb:      83 f8 01                   cmp    $0x1,%eax
 80489ce:      75 0c                      jne    80489dc <main+0x24>
 80489d0:      a1 64 a8 04 08             mov    0x804a864,%eax
 80489d5:      a3 70 a8 04 08             mov    %eax,0x804a870
 80489da:      eb 5a                      jmp    8048a36 <main+0x7e>
 80489dc:      83 f8 02                   cmp    $0x2,%eax
 80489df:      75 3a                      jne    8048a1b <main+0x63>
 80489e1:      83 ec 08                   sub    $0x8,%esp
 80489e4:      68 84 97 04 08             push   $0x8049784
 80489e9:      ff 73 04                   pushl  0x4(%ebx)
 80489ec:      e8 9f fe ff ff             call   8048890 <fopen@plt>
 80489f1:      a3 70 a8 04 08             mov    %eax,0x804a870
 80489f6:      83 c4 10                   add    $0x10,%esp
 80489f9:      85 c0                      test   %eax,%eax
 80489fb:      75 39                      jne    8048a36 <main+0x7e>
 80489fd:      83 ec 04                   sub    $0x4,%esp
 8048a00:      ff 73 04                   pushl  0x4(%ebx)
 8048a03:      ff 33                      pushl  (%ebx)
 8048a05:      68 18 95 04 08             push   $0x8049518
 8048a0a:      e8 21 fe ff ff             call   8048830 <printf@plt>
 8048a0f:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8048a16:      e8 45 fe ff ff             call   8048860 <exit@plt>
 8048a1b:      83 ec 08                   sub    $0x8,%esp
 8048a1e:      ff 33                      pushl  (%ebx)
 8048a20:      68 35 95 04 08             push   $0x8049535
 8048a25:      e8 06 fe ff ff             call   8048830 <printf@plt>
 8048a2a:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8048a31:      e8 2a fe ff ff             call   8048860 <exit@plt>
 8048a36:      e8 b4 05 00 00             call   8048fef <initialize_bomb>
 8048a3b:      83 ec 0c                   sub    $0xc,%esp
 8048a3e:      68 9c 95 04 08             push   $0x804959c
 8048a43:      e8 88 fd ff ff             call   80487d0 <puts@plt>
 8048a48:      c7 04 24 d8 95 04 08       movl   $0x80495d8,(%esp)
 8048a4f:      e8 7c fd ff ff             call   80487d0 <puts@plt>
 8048a54:      e8 2a 06 00 00             call   8049083 <read_line>
 8048a59:      89 04 24                   mov    %eax,(%esp)
 8048a5c:      e8 a7 00 00 00             call   8048b08 <phase_1>
 8048a61:      e8 58 09 00 00             call   80493be <phase_defused>
 8048a66:      c7 04 24 04 96 04 08       movl   $0x8049604,(%esp)
 8048a6d:      e8 5e fd ff ff             call   80487d0 <puts@plt>
 8048a72:      e8 0c 06 00 00             call   8049083 <read_line>
 8048a77:      89 04 24                   mov    %eax,(%esp)
 8048a7a:      e8 aa 00 00 00             call   8048b29 <phase_2>
 8048a7f:      e8 3a 09 00 00             call   80493be <phase_defused>
 8048a84:      c7 04 24 4f 95 04 08       movl   $0x804954f,(%esp)
 8048a8b:      e8 40 fd ff ff             call   80487d0 <puts@plt>
 8048a90:      e8 ee 05 00 00             call   8049083 <read_line>
 8048a95:      89 04 24                   mov    %eax,(%esp)
 8048a98:      e8 d0 00 00 00             call   8048b6d <phase_3>
 8048a9d:      e8 1c 09 00 00             call   80493be <phase_defused>
 8048aa2:      c7 04 24 6d 95 04 08       movl   $0x804956d,(%esp)
 8048aa9:      e8 22 fd ff ff             call   80487d0 <puts@plt>
 8048aae:      e8 d0 05 00 00             call   8049083 <read_line>
 8048ab3:      89 04 24                   mov    %eax,(%esp)
 8048ab6:      e8 64 01 00 00             call   8048c1f <phase_4>
 8048abb:      e8 fe 08 00 00             call   80493be <phase_defused>
 8048ac0:      c7 04 24 30 96 04 08       movl   $0x8049630,(%esp)
 8048ac7:      e8 04 fd ff ff             call   80487d0 <puts@plt>
 8048acc:      e8 b2 05 00 00             call   8049083 <read_line>
 8048ad1:      89 04 24                   mov    %eax,(%esp)
 8048ad4:      e8 87 01 00 00             call   8048c60 <phase_5>
 8048ad9:      e8 e0 08 00 00             call   80493be <phase_defused>
 8048ade:      c7 04 24 7c 95 04 08       movl   $0x804957c,(%esp)
 8048ae5:      e8 e6 fc ff ff             call   80487d0 <puts@plt>
 8048aea:      e8 94 05 00 00             call   8049083 <read_line>
 8048aef:      89 04 24                   mov    %eax,(%esp)
 8048af2:      e8 21 02 00 00             call   8048d18 <phase_6>
 8048af7:      e8 c2 08 00 00             call   80493be <phase_defused>
 8048afc:      b8 00 00 00 00             mov    $0x0,%eax
 8048b01:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8048b04:      c9                         leave  
 8048b05:      c3                         ret    
 8048b06:      90                         nop    
 8048b07:      90                         nop    

08048b08 <phase_1>:
 8048b08:      55                         push   %ebp
 8048b09:      89 e5                      mov    %esp,%ebp
 8048b0b:      83 ec 10                   sub    $0x10,%esp
 8048b0e:      68 54 96 04 08             push   $0x8049654
 8048b13:      ff 75 08                   pushl  0x8(%ebp)
 8048b16:      e8 ad 03 00 00             call   8048ec8 <strings_not_equal>
 8048b1b:      83 c4 10                   add    $0x10,%esp
 8048b1e:      85 c0                      test   %eax,%eax
 8048b20:      74 05                      je     8048b27 <phase_1+0x1f>
 8048b22:      e8 6f 08 00 00             call   8049396 <explode_bomb>
 8048b27:      c9                         leave  
 8048b28:      c3                         ret    

08048b29 <phase_2>:
 8048b29:      55                         push   %ebp
 8048b2a:      89 e5                      mov    %esp,%ebp
 8048b2c:      53                         push   %ebx
 8048b2d:      83 ec 2c                   sub    $0x2c,%esp
 8048b30:      8d 45 d8                   lea    0xffffffd8(%ebp),%eax
 8048b33:      50                         push   %eax
 8048b34:      ff 75 08                   pushl  0x8(%ebp)
 8048b37:      e8 39 03 00 00             call   8048e75 <read_six_numbers>
 8048b3c:      83 c4 10                   add    $0x10,%esp
 8048b3f:      83 7d d8 01                cmpl   $0x1,0xffffffd8(%ebp)
 8048b43:      74 05                      je     8048b4a <phase_2+0x21>
 8048b45:      e8 4c 08 00 00             call   8049396 <explode_bomb>
 8048b4a:      bb 01 00 00 00             mov    $0x1,%ebx
 8048b4f:      8d 43 01                   lea    0x1(%ebx),%eax
 8048b52:      0f af 44 9d d4             imul   0xffffffd4(%ebp,%ebx,4),%eax
 8048b57:      39 44 9d d8                cmp    %eax,0xffffffd8(%ebp,%ebx,4)
 8048b5b:      74 05                      je     8048b62 <phase_2+0x39>
 8048b5d:      e8 34 08 00 00             call   8049396 <explode_bomb>
 8048b62:      43                         inc    %ebx
 8048b63:      83 fb 05                   cmp    $0x5,%ebx
 8048b66:      7e e7                      jle    8048b4f <phase_2+0x26>
 8048b68:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8048b6b:      c9                         leave  
 8048b6c:      c3                         ret    

08048b6d <phase_3>:
 8048b6d:      55                         push   %ebp
 8048b6e:      89 e5                      mov    %esp,%ebp
 8048b70:      53                         push   %ebx
 8048b71:      83 ec 14                   sub    $0x14,%esp
 8048b74:      bb 00 00 00 00             mov    $0x0,%ebx
 8048b79:      8d 45 f8                   lea    0xfffffff8(%ebp),%eax
 8048b7c:      50                         push   %eax
 8048b7d:      8d 45 f4                   lea    0xfffffff4(%ebp),%eax
 8048b80:      50                         push   %eax
 8048b81:      68 fe 96 04 08             push   $0x80496fe
 8048b86:      ff 75 08                   pushl  0x8(%ebp)
 8048b89:      e8 e2 fc ff ff             call   8048870 <sscanf@plt>
 8048b8e:      83 c4 10                   add    $0x10,%esp
 8048b91:      83 f8 01                   cmp    $0x1,%eax
 8048b94:      7f 05                      jg     8048b9b <phase_3+0x2e>
 8048b96:      e8 fb 07 00 00             call   8049396 <explode_bomb>
 8048b9b:      83 7d f4 07                cmpl   $0x7,0xfffffff4(%ebp)
 8048b9f:      77 42                      ja     8048be3 <phase_3+0x76>
 8048ba1:      8b 45 f4                   mov    0xfffffff4(%ebp),%eax
 8048ba4:      ff 24 85 ac 96 04 08       jmp    *0x80496ac(,%eax,4)
 8048bab:      bb 88 02 00 00             mov    $0x288,%ebx
 8048bb0:      eb 36                      jmp    8048be8 <phase_3+0x7b>
 8048bb2:      bb 3d 03 00 00             mov    $0x33d,%ebx
 8048bb7:      eb 2f                      jmp    8048be8 <phase_3+0x7b>
 8048bb9:      bb 92 03 00 00             mov    $0x392,%ebx
 8048bbe:      eb 28                      jmp    8048be8 <phase_3+0x7b>
 8048bc0:      bb 61 00 00 00             mov    $0x61,%ebx
 8048bc5:      eb 21                      jmp    8048be8 <phase_3+0x7b>
 8048bc7:      bb b6 02 00 00             mov    $0x2b6,%ebx
 8048bcc:      eb 1a                      jmp    8048be8 <phase_3+0x7b>
 8048bce:      bb bf 00 00 00             mov    $0xbf,%ebx
 8048bd3:      eb 13                      jmp    8048be8 <phase_3+0x7b>
 8048bd5:      bb 65 01 00 00             mov    $0x165,%ebx
 8048bda:      eb 0c                      jmp    8048be8 <phase_3+0x7b>
 8048bdc:      bb 82 01 00 00             mov    $0x182,%ebx
 8048be1:      eb 05                      jmp    8048be8 <phase_3+0x7b>
 8048be3:      e8 ae 07 00 00             call   8049396 <explode_bomb>
 8048be8:      3b 5d f8                   cmp    0xfffffff8(%ebp),%ebx
 8048beb:      74 05                      je     8048bf2 <phase_3+0x85>
 8048bed:      e8 a4 07 00 00             call   8049396 <explode_bomb>
 8048bf2:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8048bf5:      c9                         leave  
 8048bf6:      c3                         ret    

08048bf7 <func4>:
 8048bf7:      55                         push   %ebp
 8048bf8:      89 e5                      mov    %esp,%ebp
 8048bfa:      8b 55 08                   mov    0x8(%ebp),%edx
 8048bfd:      b8 01 00 00 00             mov    $0x1,%eax
 8048c02:      85 d2                      test   %edx,%edx
 8048c04:      7e 17                      jle    8048c1d <func4+0x26>
 8048c06:      83 ec 0c                   sub    $0xc,%esp
 8048c09:      8d 42 ff                   lea    0xffffffff(%edx),%eax
 8048c0c:      50                         push   %eax
 8048c0d:      e8 e5 ff ff ff             call   8048bf7 <func4>
 8048c12:      8d 14 c5 00 00 00 00       lea    0x0(,%eax,8),%edx
 8048c19:      29 c2                      sub    %eax,%edx
 8048c1b:      89 d0                      mov    %edx,%eax
 8048c1d:      c9                         leave  
 8048c1e:      c3                         ret    

08048c1f <phase_4>:
 8048c1f:      55                         push   %ebp
 8048c20:      89 e5                      mov    %esp,%ebp
 8048c22:      83 ec 0c                   sub    $0xc,%esp
 8048c25:      8d 45 fc                   lea    0xfffffffc(%ebp),%eax
 8048c28:      50                         push   %eax
 8048c29:      68 01 97 04 08             push   $0x8049701
 8048c2e:      ff 75 08                   pushl  0x8(%ebp)
 8048c31:      e8 3a fc ff ff             call   8048870 <sscanf@plt>
 8048c36:      83 c4 10                   add    $0x10,%esp
 8048c39:      83 f8 01                   cmp    $0x1,%eax
 8048c3c:      75 06                      jne    8048c44 <phase_4+0x25>
 8048c3e:      83 7d fc 00                cmpl   $0x0,0xfffffffc(%ebp)
 8048c42:      7f 05                      jg     8048c49 <phase_4+0x2a>
 8048c44:      e8 4d 07 00 00             call   8049396 <explode_bomb>
 8048c49:      ff 75 fc                   pushl  0xfffffffc(%ebp)
 8048c4c:      e8 a6 ff ff ff             call   8048bf7 <func4>
 8048c51:      83 c4 04                   add    $0x4,%esp
 8048c54:      83 f8 31                   cmp    $0x31,%eax
 8048c57:      74 05                      je     8048c5e <phase_4+0x3f>
 8048c59:      e8 38 07 00 00             call   8049396 <explode_bomb>
 8048c5e:      c9                         leave  
 8048c5f:      c3                         ret    

08048c60 <phase_5>:
 8048c60:      55                         push   %ebp
 8048c61:      89 e5                      mov    %esp,%ebp
 8048c63:      53                         push   %ebx
 8048c64:      83 ec 14                   sub    $0x14,%esp
 8048c67:      8d 45 f8                   lea    0xfffffff8(%ebp),%eax
 8048c6a:      50                         push   %eax
 8048c6b:      8d 45 f4                   lea    0xfffffff4(%ebp),%eax
 8048c6e:      50                         push   %eax
 8048c6f:      68 fe 96 04 08             push   $0x80496fe
 8048c74:      ff 75 08                   pushl  0x8(%ebp)
 8048c77:      e8 f4 fb ff ff             call   8048870 <sscanf@plt>
 8048c7c:      83 c4 10                   add    $0x10,%esp
 8048c7f:      83 f8 01                   cmp    $0x1,%eax
 8048c82:      7f 05                      jg     8048c89 <phase_5+0x29>
 8048c84:      e8 0d 07 00 00             call   8049396 <explode_bomb>
 8048c89:      8b 45 f4                   mov    0xfffffff4(%ebp),%eax
 8048c8c:      83 e0 0f                   and    $0xf,%eax
 8048c8f:      89 45 f4                   mov    %eax,0xfffffff4(%ebp)
 8048c92:      ba 00 00 00 00             mov    $0x0,%edx
 8048c97:      b9 00 00 00 00             mov    $0x0,%ecx
 8048c9c:      83 f8 0f                   cmp    $0xf,%eax
 8048c9f:      74 13                      je     8048cb4 <phase_5+0x54>
 8048ca1:      bb a0 a5 04 08             mov    $0x804a5a0,%ebx
 8048ca6:      42                         inc    %edx
 8048ca7:      8b 04 83                   mov    (%ebx,%eax,4),%eax
 8048caa:      01 c1                      add    %eax,%ecx
 8048cac:      83 f8 0f                   cmp    $0xf,%eax
 8048caf:      75 f5                      jne    8048ca6 <phase_5+0x46>
 8048cb1:      89 45 f4                   mov    %eax,0xfffffff4(%ebp)
 8048cb4:      83 fa 08                   cmp    $0x8,%edx
 8048cb7:      75 05                      jne    8048cbe <phase_5+0x5e>
 8048cb9:      3b 4d f8                   cmp    0xfffffff8(%ebp),%ecx
 8048cbc:      74 05                      je     8048cc3 <phase_5+0x63>
 8048cbe:      e8 d3 06 00 00             call   8049396 <explode_bomb>
 8048cc3:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8048cc6:      c9                         leave  
 8048cc7:      c3                         ret    

08048cc8 <fun6>:
 8048cc8:      55                         push   %ebp
 8048cc9:      89 e5                      mov    %esp,%ebp
 8048ccb:      56                         push   %esi
 8048ccc:      53                         push   %ebx
 8048ccd:      8b 75 08                   mov    0x8(%ebp),%esi
 8048cd0:      8b 5e 08                   mov    0x8(%esi),%ebx
 8048cd3:      c7 46 08 00 00 00 00       movl   $0x0,0x8(%esi)
 8048cda:      85 db                      test   %ebx,%ebx
 8048cdc:      74 34                      je     8048d12 <fun6+0x4a>
 8048cde:      89 f2                      mov    %esi,%edx
 8048ce0:      89 f1                      mov    %esi,%ecx
 8048ce2:      85 f6                      test   %esi,%esi
 8048ce4:      74 15                      je     8048cfb <fun6+0x33>
 8048ce6:      8b 06                      mov    (%esi),%eax
 8048ce8:      3b 03                      cmp    (%ebx),%eax
 8048cea:      7e 0f                      jle    8048cfb <fun6+0x33>
 8048cec:      89 d1                      mov    %edx,%ecx
 8048cee:      8b 52 08                   mov    0x8(%edx),%edx
 8048cf1:      85 d2                      test   %edx,%edx
 8048cf3:      74 06                      je     8048cfb <fun6+0x33>
 8048cf5:      8b 02                      mov    (%edx),%eax
 8048cf7:      3b 03                      cmp    (%ebx),%eax
 8048cf9:      7f f1                      jg     8048cec <fun6+0x24>
 8048cfb:      39 d1                      cmp    %edx,%ecx
 8048cfd:      74 05                      je     8048d04 <fun6+0x3c>
 8048cff:      89 59 08                   mov    %ebx,0x8(%ecx)
 8048d02:      eb 02                      jmp    8048d06 <fun6+0x3e>
 8048d04:      89 de                      mov    %ebx,%esi
 8048d06:      8b 4b 08                   mov    0x8(%ebx),%ecx
 8048d09:      89 53 08                   mov    %edx,0x8(%ebx)
 8048d0c:      89 cb                      mov    %ecx,%ebx
 8048d0e:      85 c9                      test   %ecx,%ecx
 8048d10:      75 cc                      jne    8048cde <fun6+0x16>
 8048d12:      89 f0                      mov    %esi,%eax
 8048d14:      5b                         pop    %ebx
 8048d15:      5e                         pop    %esi
 8048d16:      c9                         leave  
 8048d17:      c3                         ret    

08048d18 <phase_6>:
 8048d18:      55                         push   %ebp
 8048d19:      89 e5                      mov    %esp,%ebp
 8048d1b:      83 ec 08                   sub    $0x8,%esp
 8048d1e:      6a 00                      push   $0x0
 8048d20:      6a 0a                      push   $0xa
 8048d22:      6a 00                      push   $0x0
 8048d24:      ff 75 08                   pushl  0x8(%ebp)
 8048d27:      e8 d4 fa ff ff             call   8048800 <__strtol_internal@plt>
 8048d2c:      83 c4 10                   add    $0x10,%esp
 8048d2f:      a3 4c a6 04 08             mov    %eax,0x804a64c
 8048d34:      68 4c a6 04 08             push   $0x804a64c
 8048d39:      e8 8a ff ff ff             call   8048cc8 <fun6>
 8048d3e:      ba 01 00 00 00             mov    $0x1,%edx
 8048d43:      83 c4 04                   add    $0x4,%esp
 8048d46:      8b 40 08                   mov    0x8(%eax),%eax
 8048d49:      42                         inc    %edx
 8048d4a:      83 fa 07                   cmp    $0x7,%edx
 8048d4d:      7e f7                      jle    8048d46 <phase_6+0x2e>
 8048d4f:      8b 00                      mov    (%eax),%eax
 8048d51:      3b 05 4c a6 04 08          cmp    0x804a64c,%eax
 8048d57:      74 05                      je     8048d5e <phase_6+0x46>
 8048d59:      e8 38 06 00 00             call   8049396 <explode_bomb>
 8048d5e:      c9                         leave  
 8048d5f:      c3                         ret    

08048d60 <fun7>:
 8048d60:      55                         push   %ebp
 8048d61:      89 e5                      mov    %esp,%ebp
 8048d63:      8b 55 08                   mov    0x8(%ebp),%edx
 8048d66:      8b 4d 0c                   mov    0xc(%ebp),%ecx
 8048d69:      b8 ff ff ff ff             mov    $0xffffffff,%eax
 8048d6e:      85 d2                      test   %edx,%edx
 8048d70:      74 2d                      je     8048d9f <fun7+0x3f>
 8048d72:      39 0a                      cmp    %ecx,(%edx)
 8048d74:      7e 10                      jle    8048d86 <fun7+0x26>
 8048d76:      83 ec 08                   sub    $0x8,%esp
 8048d79:      51                         push   %ecx
 8048d7a:      ff 72 04                   pushl  0x4(%edx)
 8048d7d:      e8 de ff ff ff             call   8048d60 <fun7>
 8048d82:      d1 e0                      shl    %eax
 8048d84:      eb 19                      jmp    8048d9f <fun7+0x3f>
 8048d86:      b8 00 00 00 00             mov    $0x0,%eax
 8048d8b:      39 0a                      cmp    %ecx,(%edx)
 8048d8d:      74 10                      je     8048d9f <fun7+0x3f>
 8048d8f:      83 ec 08                   sub    $0x8,%esp
 8048d92:      51                         push   %ecx
 8048d93:      ff 72 08                   pushl  0x8(%edx)
 8048d96:      e8 c5 ff ff ff             call   8048d60 <fun7>
 8048d9b:      8d 44 00 01                lea    0x1(%eax,%eax,1),%eax
 8048d9f:      c9                         leave  
 8048da0:      c3                         ret    

08048da1 <secret_phase>:
 8048da1:      55                         push   %ebp
 8048da2:      89 e5                      mov    %esp,%ebp
 8048da4:      53                         push   %ebx
 8048da5:      83 ec 04                   sub    $0x4,%esp
 8048da8:      e8 d6 02 00 00             call   8049083 <read_line>
 8048dad:      6a 00                      push   $0x0
 8048daf:      6a 0a                      push   $0xa
 8048db1:      6a 00                      push   $0x0
 8048db3:      50                         push   %eax
 8048db4:      e8 47 fa ff ff             call   8048800 <__strtol_internal@plt>
 8048db9:      83 c4 10                   add    $0x10,%esp
 8048dbc:      89 c3                      mov    %eax,%ebx
 8048dbe:      8d 40 ff                   lea    0xffffffff(%eax),%eax
 8048dc1:      3d e8 03 00 00             cmp    $0x3e8,%eax
 8048dc6:      76 05                      jbe    8048dcd <secret_phase+0x2c>
 8048dc8:      e8 c9 05 00 00             call   8049396 <explode_bomb>
 8048dcd:      53                         push   %ebx
 8048dce:      68 00 a7 04 08             push   $0x804a700
 8048dd3:      e8 88 ff ff ff             call   8048d60 <fun7>
 8048dd8:      83 c4 08                   add    $0x8,%esp
 8048ddb:      85 c0                      test   %eax,%eax
 8048ddd:      74 05                      je     8048de4 <secret_phase+0x43>
 8048ddf:      e8 b2 05 00 00             call   8049396 <explode_bomb>
 8048de4:      83 ec 0c                   sub    $0xc,%esp
 8048de7:      68 84 96 04 08             push   $0x8049684
 8048dec:      e8 df f9 ff ff             call   80487d0 <puts@plt>
 8048df1:      e8 c8 05 00 00             call   80493be <phase_defused>
 8048df6:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8048df9:      c9                         leave  
 8048dfa:      c3                         ret    
 8048dfb:      90                         nop    

08048dfc <sig_handler>:
 8048dfc:      55                         push   %ebp
 8048dfd:      89 e5                      mov    %esp,%ebp
 8048dff:      83 ec 14                   sub    $0x14,%esp
 8048e02:      68 ec 98 04 08             push   $0x80498ec
 8048e07:      e8 c4 f9 ff ff             call   80487d0 <puts@plt>
 8048e0c:      c7 04 24 03 00 00 00       movl   $0x3,(%esp)
 8048e13:      e8 d8 f9 ff ff             call   80487f0 <sleep@plt>
 8048e18:      c7 04 24 d1 96 04 08       movl   $0x80496d1,(%esp)
 8048e1f:      e8 0c fa ff ff             call   8048830 <printf@plt>
 8048e24:      83 c4 04                   add    $0x4,%esp
 8048e27:      ff 35 60 a8 04 08          pushl  0x804a860
 8048e2d:      e8 5e f9 ff ff             call   8048790 <fflush@plt>
 8048e32:      c7 04 24 01 00 00 00       movl   $0x1,(%esp)
 8048e39:      e8 b2 f9 ff ff             call   80487f0 <sleep@plt>
 8048e3e:      c7 04 24 d9 96 04 08       movl   $0x80496d9,(%esp)
 8048e45:      e8 86 f9 ff ff             call   80487d0 <puts@plt>
 8048e4a:      c7 04 24 10 00 00 00       movl   $0x10,(%esp)
 8048e51:      e8 0a fa ff ff             call   8048860 <exit@plt>

08048e56 <invalid_phase>:
 8048e56:      55                         push   %ebp
 8048e57:      89 e5                      mov    %esp,%ebp
 8048e59:      83 ec 10                   sub    $0x10,%esp
 8048e5c:      ff 75 08                   pushl  0x8(%ebp)
 8048e5f:      68 e1 96 04 08             push   $0x80496e1
 8048e64:      e8 c7 f9 ff ff             call   8048830 <printf@plt>
 8048e69:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8048e70:      e8 eb f9 ff ff             call   8048860 <exit@plt>

08048e75 <read_six_numbers>:
 8048e75:      55                         push   %ebp
 8048e76:      89 e5                      mov    %esp,%ebp
 8048e78:      83 ec 08                   sub    $0x8,%esp
 8048e7b:      8b 55 0c                   mov    0xc(%ebp),%edx
 8048e7e:      8d 42 14                   lea    0x14(%edx),%eax
 8048e81:      50                         push   %eax
 8048e82:      8d 42 10                   lea    0x10(%edx),%eax
 8048e85:      50                         push   %eax
 8048e86:      8d 42 0c                   lea    0xc(%edx),%eax
 8048e89:      50                         push   %eax
 8048e8a:      8d 42 08                   lea    0x8(%edx),%eax
 8048e8d:      50                         push   %eax
 8048e8e:      8d 42 04                   lea    0x4(%edx),%eax
 8048e91:      50                         push   %eax
 8048e92:      52                         push   %edx
 8048e93:      68 f2 96 04 08             push   $0x80496f2
 8048e98:      ff 75 08                   pushl  0x8(%ebp)
 8048e9b:      e8 d0 f9 ff ff             call   8048870 <sscanf@plt>
 8048ea0:      83 c4 20                   add    $0x20,%esp
 8048ea3:      83 f8 05                   cmp    $0x5,%eax
 8048ea6:      7f 05                      jg     8048ead <read_six_numbers+0x38>
 8048ea8:      e8 e9 04 00 00             call   8049396 <explode_bomb>
 8048ead:      c9                         leave  
 8048eae:      c3                         ret    

08048eaf <string_length>:
 8048eaf:      55                         push   %ebp
 8048eb0:      89 e5                      mov    %esp,%ebp
 8048eb2:      8b 55 08                   mov    0x8(%ebp),%edx
 8048eb5:      b8 00 00 00 00             mov    $0x0,%eax
 8048eba:      80 3a 00                   cmpb   $0x0,(%edx)
 8048ebd:      74 07                      je     8048ec6 <string_length+0x17>
 8048ebf:      42                         inc    %edx
 8048ec0:      40                         inc    %eax
 8048ec1:      80 3a 00                   cmpb   $0x0,(%edx)
 8048ec4:      75 f9                      jne    8048ebf <string_length+0x10>
 8048ec6:      c9                         leave  
 8048ec7:      c3                         ret    

08048ec8 <strings_not_equal>:
 8048ec8:      55                         push   %ebp
 8048ec9:      89 e5                      mov    %esp,%ebp
 8048ecb:      57                         push   %edi
 8048ecc:      56                         push   %esi
 8048ecd:      53                         push   %ebx
 8048ece:      8b 75 08                   mov    0x8(%ebp),%esi
 8048ed1:      8b 7d 0c                   mov    0xc(%ebp),%edi
 8048ed4:      56                         push   %esi
 8048ed5:      e8 d5 ff ff ff             call   8048eaf <string_length>
 8048eda:      89 c3                      mov    %eax,%ebx
 8048edc:      57                         push   %edi
 8048edd:      e8 cd ff ff ff             call   8048eaf <string_length>
 8048ee2:      83 c4 08                   add    $0x8,%esp
 8048ee5:      ba 01 00 00 00             mov    $0x1,%edx
 8048eea:      39 c3                      cmp    %eax,%ebx
 8048eec:      75 24                      jne    8048f12 <strings_not_equal+0x4a>
 8048eee:      eb 07                      jmp    8048ef7 <strings_not_equal+0x2f>
 8048ef0:      ba 01 00 00 00             mov    $0x1,%edx
 8048ef5:      eb 1b                      jmp    8048f12 <strings_not_equal+0x4a>
 8048ef7:      89 f2                      mov    %esi,%edx
 8048ef9:      89 f9                      mov    %edi,%ecx
 8048efb:      80 3e 00                   cmpb   $0x0,(%esi)
 8048efe:      74 0d                      je     8048f0d <strings_not_equal+0x45>
 8048f00:      8a 02                      mov    (%edx),%al
 8048f02:      3a 01                      cmp    (%ecx),%al
 8048f04:      75 ea                      jne    8048ef0 <strings_not_equal+0x28>
 8048f06:      42                         inc    %edx
 8048f07:      41                         inc    %ecx
 8048f08:      80 3a 00                   cmpb   $0x0,(%edx)
 8048f0b:      75 f3                      jne    8048f00 <strings_not_equal+0x38>
 8048f0d:      ba 00 00 00 00             mov    $0x0,%edx
 8048f12:      89 d0                      mov    %edx,%eax
 8048f14:      8d 65 f4                   lea    0xfffffff4(%ebp),%esp
 8048f17:      5b                         pop    %ebx
 8048f18:      5e                         pop    %esi
 8048f19:      5f                         pop    %edi
 8048f1a:      c9                         leave  
 8048f1b:      c3                         ret    

08048f1c <open_clientfd>:
 8048f1c:      55                         push   %ebp
 8048f1d:      89 e5                      mov    %esp,%ebp
 8048f1f:      57                         push   %edi
 8048f20:      56                         push   %esi
 8048f21:      53                         push   %ebx
 8048f22:      83 ec 20                   sub    $0x20,%esp
 8048f25:      8b 75 0c                   mov    0xc(%ebp),%esi
 8048f28:      6a 00                      push   $0x0
 8048f2a:      6a 01                      push   $0x1
 8048f2c:      6a 02                      push   $0x2
 8048f2e:      e8 9d f9 ff ff             call   80488d0 <socket@plt>
 8048f33:      89 c3                      mov    %eax,%ebx
 8048f35:      83 c4 10                   add    $0x10,%esp
 8048f38:      85 c0                      test   %eax,%eax
 8048f3a:      79 19                      jns    8048f55 <open_clientfd+0x39>
 8048f3c:      83 ec 0c                   sub    $0xc,%esp
 8048f3f:      68 04 97 04 08             push   $0x8049704
 8048f44:      e8 87 f8 ff ff             call   80487d0 <puts@plt>
 8048f49:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8048f50:      e8 0b f9 ff ff             call   8048860 <exit@plt>
 8048f55:      83 ec 0c                   sub    $0xc,%esp
 8048f58:      ff 75 08                   pushl  0x8(%ebp)
 8048f5b:      e8 f0 f8 ff ff             call   8048850 <gethostbyname@plt>
 8048f60:      89 c2                      mov    %eax,%edx
 8048f62:      83 c4 10                   add    $0x10,%esp
 8048f65:      85 c0                      test   %eax,%eax
 8048f67:      75 19                      jne    8048f82 <open_clientfd+0x66>
 8048f69:      83 ec 0c                   sub    $0xc,%esp
 8048f6c:      68 12 97 04 08             push   $0x8049712
 8048f71:      e8 5a f8 ff ff             call   80487d0 <puts@plt>
 8048f76:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8048f7d:      e8 de f8 ff ff             call   8048860 <exit@plt>
 8048f82:      8d 7d d8                   lea    0xffffffd8(%ebp),%edi
 8048f85:      fc                         cld    
 8048f86:      b9 04 00 00 00             mov    $0x4,%ecx
 8048f8b:      b8 00 00 00 00             mov    $0x0,%eax
 8048f90:      f3 ab                      repz stos %eax,%es:(%edi)
 8048f92:      66 c7 45 d8 02 00          movw   $0x2,0xffffffd8(%ebp)
 8048f98:      83 ec 04                   sub    $0x4,%esp
 8048f9b:      ff 72 0c                   pushl  0xc(%edx)
 8048f9e:      8d 45 dc                   lea    0xffffffdc(%ebp),%eax
 8048fa1:      50                         push   %eax
 8048fa2:      8b 42 10                   mov    0x10(%edx),%eax
 8048fa5:      ff 30                      pushl  (%eax)
 8048fa7:      e8 f4 f7 ff ff             call   80487a0 <bcopy@plt>
 8048fac:      83 c4 0c                   add    $0xc,%esp
 8048faf:      89 f0                      mov    %esi,%eax
 8048fb1:      66 c1 c8 08                ror    $0x8,%ax
 8048fb5:      66 89 45 da                mov    %ax,0xffffffda(%ebp)
 8048fb9:      6a 10                      push   $0x10
 8048fbb:      8d 45 d8                   lea    0xffffffd8(%ebp),%eax
 8048fbe:      50                         push   %eax
 8048fbf:      53                         push   %ebx
 8048fc0:      e8 bb f8 ff ff             call   8048880 <connect@plt>
 8048fc5:      83 c4 10                   add    $0x10,%esp
 8048fc8:      85 c0                      test   %eax,%eax
 8048fca:      79 19                      jns    8048fe5 <open_clientfd+0xc9>
 8048fcc:      83 ec 0c                   sub    $0xc,%esp
 8048fcf:      68 20 97 04 08             push   $0x8049720
 8048fd4:      e8 f7 f7 ff ff             call   80487d0 <puts@plt>
 8048fd9:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8048fe0:      e8 7b f8 ff ff             call   8048860 <exit@plt>
 8048fe5:      89 d8                      mov    %ebx,%eax
 8048fe7:      8d 65 f4                   lea    0xfffffff4(%ebp),%esp
 8048fea:      5b                         pop    %ebx
 8048feb:      5e                         pop    %esi
 8048fec:      5f                         pop    %edi
 8048fed:      c9                         leave  
 8048fee:      c3                         ret    

08048fef <initialize_bomb>:
 8048fef:      55                         push   %ebp
 8048ff0:      89 e5                      mov    %esp,%ebp
 8048ff2:      83 ec 10                   sub    $0x10,%esp
 8048ff5:      68 fc 8d 04 08             push   $0x8048dfc
 8048ffa:      6a 02                      push   $0x2
 8048ffc:      e8 7f f7 ff ff             call   8048780 <signal@plt>
 8049001:      c9                         leave  
 8049002:      c3                         ret    

08049003 <blank_line>:
 8049003:      55                         push   %ebp
 8049004:      89 e5                      mov    %esp,%ebp
 8049006:      53                         push   %ebx
 8049007:      83 ec 04                   sub    $0x4,%esp
 804900a:      8b 5d 08                   mov    0x8(%ebp),%ebx
 804900d:      80 3b 00                   cmpb   $0x0,(%ebx)
 8049010:      74 1e                      je     8049030 <blank_line+0x2d>
 8049012:      e8 c9 f8 ff ff             call   80488e0 <__ctype_b_loc@plt>
 8049017:      8b 10                      mov    (%eax),%edx
 8049019:      0f be 03                   movsbl (%ebx),%eax
 804901c:      43                         inc    %ebx
 804901d:      f6 44 42 01 20             testb  $0x20,0x1(%edx,%eax,2)
 8049022:      75 07                      jne    804902b <blank_line+0x28>
 8049024:      b8 00 00 00 00             mov    $0x0,%eax
 8049029:      eb 0a                      jmp    8049035 <blank_line+0x32>
 804902b:      80 3b 00                   cmpb   $0x0,(%ebx)
 804902e:      75 e9                      jne    8049019 <blank_line+0x16>
 8049030:      b8 01 00 00 00             mov    $0x1,%eax
 8049035:      83 c4 04                   add    $0x4,%esp
 8049038:      5b                         pop    %ebx
 8049039:      c9                         leave  
 804903a:      c3                         ret    

0804903b <skip>:
 804903b:      55                         push   %ebp
 804903c:      89 e5                      mov    %esp,%ebp
 804903e:      53                         push   %ebx
 804903f:      83 ec 04                   sub    $0x4,%esp
 8049042:      83 ec 04                   sub    $0x4,%esp
 8049045:      ff 35 70 a8 04 08          pushl  0x804a870
 804904b:      6a 50                      push   $0x50
 804904d:      a1 6c a8 04 08             mov    0x804a86c,%eax
 8049052:      8d 04 80                   lea    (%eax,%eax,4),%eax
 8049055:      c1 e0 04                   shl    $0x4,%eax
 8049058:      05 80 a8 04 08             add    $0x804a880,%eax
 804905d:      50                         push   %eax
 804905e:      e8 7d f7 ff ff             call   80487e0 <fgets@plt>
 8049063:      89 c3                      mov    %eax,%ebx
 8049065:      83 c4 10                   add    $0x10,%esp
 8049068:      85 c0                      test   %eax,%eax
 804906a:      74 10                      je     804907c <skip+0x41>
 804906c:      83 ec 0c                   sub    $0xc,%esp
 804906f:      50                         push   %eax
 8049070:      e8 8e ff ff ff             call   8049003 <blank_line>
 8049075:      83 c4 10                   add    $0x10,%esp
 8049078:      85 c0                      test   %eax,%eax
 804907a:      75 c6                      jne    8049042 <skip+0x7>
 804907c:      89 d8                      mov    %ebx,%eax
 804907e:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8049081:      c9                         leave  
 8049082:      c3                         ret    

08049083 <read_line>:
 8049083:      55                         push   %ebp
 8049084:      89 e5                      mov    %esp,%ebp
 8049086:      57                         push   %edi
 8049087:      83 ec 04                   sub    $0x4,%esp
 804908a:      e8 ac ff ff ff             call   804903b <skip>
 804908f:      85 c0                      test   %eax,%eax
 8049091:      75 6a                      jne    80490fd <read_line+0x7a>
 8049093:      a1 70 a8 04 08             mov    0x804a870,%eax
 8049098:      3b 05 64 a8 04 08          cmp    0x804a864,%eax
 804909e:      75 17                      jne    80490b7 <read_line+0x34>
 80490a0:      83 ec 0c                   sub    $0xc,%esp
 80490a3:      68 2e 97 04 08             push   $0x804972e
 80490a8:      e8 23 f7 ff ff             call   80487d0 <puts@plt>
 80490ad:      e8 e4 02 00 00             call   8049396 <explode_bomb>
 80490b2:      83 c4 10                   add    $0x10,%esp
 80490b5:      eb 46                      jmp    80490fd <read_line+0x7a>
 80490b7:      83 ec 0c                   sub    $0xc,%esp
 80490ba:      68 4c 97 04 08             push   $0x804974c
 80490bf:      e8 ac f6 ff ff             call   8048770 <getenv@plt>
 80490c4:      83 c4 10                   add    $0x10,%esp
 80490c7:      85 c0                      test   %eax,%eax
 80490c9:      74 0a                      je     80490d5 <read_line+0x52>
 80490cb:      83 ec 0c                   sub    $0xc,%esp
 80490ce:      6a 00                      push   $0x0
 80490d0:      e8 8b f7 ff ff             call   8048860 <exit@plt>
 80490d5:      a1 64 a8 04 08             mov    0x804a864,%eax
 80490da:      a3 70 a8 04 08             mov    %eax,0x804a870
 80490df:      e8 57 ff ff ff             call   804903b <skip>
 80490e4:      85 c0                      test   %eax,%eax
 80490e6:      75 15                      jne    80490fd <read_line+0x7a>
 80490e8:      83 ec 0c                   sub    $0xc,%esp
 80490eb:      68 2e 97 04 08             push   $0x804972e
 80490f0:      e8 db f6 ff ff             call   80487d0 <puts@plt>
 80490f5:      e8 9c 02 00 00             call   8049396 <explode_bomb>
 80490fa:      83 c4 10                   add    $0x10,%esp
 80490fd:      a1 6c a8 04 08             mov    0x804a86c,%eax
 8049102:      8d 04 80                   lea    (%eax,%eax,4),%eax
 8049105:      c1 e0 04                   shl    $0x4,%eax
 8049108:      8d b8 80 a8 04 08          lea    0x804a880(%eax),%edi
 804910e:      fc                         cld    
 804910f:      b9 ff ff ff ff             mov    $0xffffffff,%ecx
 8049114:      b0 00                      mov    $0x0,%al
 8049116:      f2 ae                      repnz scas %es:(%edi),%al
 8049118:      f7 d1                      not    %ecx
 804911a:      8d 79 ff                   lea    0xffffffff(%ecx),%edi
 804911d:      83 ff 4f                   cmp    $0x4f,%edi
 8049120:      75 15                      jne    8049137 <read_line+0xb4>
 8049122:      83 ec 0c                   sub    $0xc,%esp
 8049125:      68 57 97 04 08             push   $0x8049757
 804912a:      e8 a1 f6 ff ff             call   80487d0 <puts@plt>
 804912f:      e8 62 02 00 00             call   8049396 <explode_bomb>
 8049134:      83 c4 10                   add    $0x10,%esp
 8049137:      8b 15 6c a8 04 08          mov    0x804a86c,%edx
 804913d:      8d 04 92                   lea    (%edx,%edx,4),%eax
 8049140:      c1 e0 04                   shl    $0x4,%eax
 8049143:      05 80 a8 04 08             add    $0x804a880,%eax
 8049148:      c6 44 38 ff 00             movb   $0x0,0xffffffff(%eax,%edi,1)
 804914d:      42                         inc    %edx
 804914e:      89 15 6c a8 04 08          mov    %edx,0x804a86c
 8049154:      8b 7d fc                   mov    0xfffffffc(%ebp),%edi
 8049157:      c9                         leave  
 8049158:      c3                         ret    

08049159 <send_msg>:
 8049159:      55                         push   %ebp
 804915a:      89 e5                      mov    %esp,%ebp
 804915c:      57                         push   %edi
 804915d:      56                         push   %esi
 804915e:      53                         push   %ebx
 804915f:      83 ec 78                   sub    $0x78,%esp
 8049162:      6a 00                      push   $0x0
 8049164:      e8 37 f7 ff ff             call   80488a0 <dup@plt>
 8049169:      89 45 90                   mov    %eax,0xffffff90(%ebp)
 804916c:      83 c4 10                   add    $0x10,%esp
 804916f:      83 f8 ff                   cmp    $0xffffffff,%eax
 8049172:      75 19                      jne    804918d <send_msg+0x34>
 8049174:      83 ec 0c                   sub    $0xc,%esp
 8049177:      68 72 97 04 08             push   $0x8049772
 804917c:      e8 4f f6 ff ff             call   80487d0 <puts@plt>
 8049181:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8049188:      e8 d3 f6 ff ff             call   8048860 <exit@plt>
 804918d:      83 ec 0c                   sub    $0xc,%esp
 8049190:      6a 00                      push   $0x0
 8049192:      e8 a9 f5 ff ff             call   8048740 <close@plt>
 8049197:      83 c4 10                   add    $0x10,%esp
 804919a:      83 f8 ff                   cmp    $0xffffffff,%eax
 804919d:      75 19                      jne    80491b8 <send_msg+0x5f>
 804919f:      83 ec 0c                   sub    $0xc,%esp
 80491a2:      68 86 97 04 08             push   $0x8049786
 80491a7:      e8 24 f6 ff ff             call   80487d0 <puts@plt>
 80491ac:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 80491b3:      e8 a8 f6 ff ff             call   8048860 <exit@plt>
 80491b8:      e8 a3 f5 ff ff             call   8048760 <tmpfile@plt>
 80491bd:      89 45 94                   mov    %eax,0xffffff94(%ebp)
 80491c0:      85 c0                      test   %eax,%eax
 80491c2:      75 19                      jne    80491dd <send_msg+0x84>
 80491c4:      83 ec 0c                   sub    $0xc,%esp
 80491c7:      68 99 97 04 08             push   $0x8049799
 80491cc:      e8 ff f5 ff ff             call   80487d0 <puts@plt>
 80491d1:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 80491d8:      e8 83 f6 ff ff             call   8048860 <exit@plt>
 80491dd:      ff 75 94                   pushl  0xffffff94(%ebp)
 80491e0:      6a 1b                      push   $0x1b
 80491e2:      6a 01                      push   $0x1
 80491e4:      68 ae 97 04 08             push   $0x80497ae
 80491e9:      e8 d2 f6 ff ff             call   80488c0 <fwrite@plt>
 80491ee:      83 c4 08                   add    $0x8,%esp
 80491f1:      ff 75 94                   pushl  0xffffff94(%ebp)
 80491f4:      6a 0a                      push   $0xa
 80491f6:      e8 15 f6 ff ff             call   8048810 <fputc@plt>
 80491fb:      c7 04 24 00 00 00 00       movl   $0x0,(%esp)
 8049202:      e8 e9 f6 ff ff             call   80488f0 <cuserid@plt>
 8049207:      83 c4 10                   add    $0x10,%esp
 804920a:      85 c0                      test   %eax,%eax
 804920c:      75 15                      jne    8049223 <send_msg+0xca>
 804920e:      be ca 97 04 08             mov    $0x80497ca,%esi
 8049213:      8d 7d 98                   lea    0xffffff98(%ebp),%edi
 8049216:      fc                         cld    
 8049217:      b9 01 00 00 00             mov    $0x1,%ecx
 804921c:      f3 a5                      repz movsl %ds:(%esi),%es:(%edi)
 804921e:      66 a5                      movsw  %ds:(%esi),%es:(%edi)
 8049220:      a4                         movsb  %ds:(%esi),%es:(%edi)
 8049221:      eb 10                      jmp    8049233 <send_msg+0xda>
 8049223:      83 ec 08                   sub    $0x8,%esp
 8049226:      50                         push   %eax
 8049227:      8d 45 98                   lea    0xffffff98(%ebp),%eax
 804922a:      50                         push   %eax
 804922b:      e8 d0 f6 ff ff             call   8048900 <strcpy@plt>
 8049230:      83 c4 10                   add    $0x10,%esp
 8049233:      83 ec 04                   sub    $0x4,%esp
 8049236:      ff 35 6c a8 04 08          pushl  0x804a86c
 804923c:      b8 d1 97 04 08             mov    $0x80497d1,%eax
 8049241:      83 7d 08 00                cmpl   $0x0,0x8(%ebp)
 8049245:      75 05                      jne    804924c <send_msg+0xf3>
 8049247:      b8 d9 97 04 08             mov    $0x80497d9,%eax
 804924c:      50                         push   %eax
 804924d:      8d 45 98                   lea    0xffffff98(%ebp),%eax
 8049250:      50                         push   %eax
 8049251:      ff 35 80 a1 04 08          pushl  0x804a180
 8049257:      68 a0 a1 04 08             push   $0x804a1a0
 804925c:      68 e2 97 04 08             push   $0x80497e2
 8049261:      ff 75 94                   pushl  0xffffff94(%ebp)
 8049264:      e8 e7 f4 ff ff             call   8048750 <fprintf@plt>
 8049269:      ba 00 00 00 00             mov    $0x0,%edx
 804926e:      83 c4 20                   add    $0x20,%esp
 8049271:      3b 15 6c a8 04 08          cmp    0x804a86c,%edx
 8049277:      7d 3c                      jge    80492b5 <send_msg+0x15c>
 8049279:      83 ec 04                   sub    $0x4,%esp
 804927c:      8d 04 92                   lea    (%edx,%edx,4),%eax
 804927f:      c1 e0 04                   shl    $0x4,%eax
 8049282:      05 80 a8 04 08             add    $0x804a880,%eax
 8049287:      50                         push   %eax
 8049288:      8d 5a 01                   lea    0x1(%edx),%ebx
 804928b:      53                         push   %ebx
 804928c:      8d 45 98                   lea    0xffffff98(%ebp),%eax
 804928f:      50                         push   %eax
 8049290:      ff 35 80 a1 04 08          pushl  0x804a180
 8049296:      68 a0 a1 04 08             push   $0x804a1a0
 804929b:      68 fe 97 04 08             push   $0x80497fe
 80492a0:      ff 75 94                   pushl  0xffffff94(%ebp)
 80492a3:      e8 a8 f4 ff ff             call   8048750 <fprintf@plt>
 80492a8:      83 c4 20                   add    $0x20,%esp
 80492ab:      89 da                      mov    %ebx,%edx
 80492ad:      3b 1d 6c a8 04 08          cmp    0x804a86c,%ebx
 80492b3:      7c c4                      jl     8049279 <send_msg+0x120>
 80492b5:      83 ec 0c                   sub    $0xc,%esp
 80492b8:      ff 75 94                   pushl  0xffffff94(%ebp)
 80492bb:      e8 f0 f4 ff ff             call   80487b0 <rewind@plt>
 80492c0:      c7 04 24 1a 98 04 08       movl   $0x804981a,(%esp)
 80492c7:      68 2b 98 04 08             push   $0x804982b
 80492cc:      68 31 98 04 08             push   $0x8049831
 80492d1:      68 48 98 04 08             push   $0x8049848
 80492d6:      68 c0 ae 04 08             push   $0x804aec0
 80492db:      e8 d0 f5 ff ff             call   80488b0 <sprintf@plt>
 80492e0:      83 c4 14                   add    $0x14,%esp
 80492e3:      68 c0 ae 04 08             push   $0x804aec0
 80492e8:      e8 d3 f4 ff ff             call   80487c0 <system@plt>
 80492ed:      83 c4 10                   add    $0x10,%esp
 80492f0:      85 c0                      test   %eax,%eax
 80492f2:      74 19                      je     804930d <send_msg+0x1b4>
 80492f4:      83 ec 0c                   sub    $0xc,%esp
 80492f7:      68 51 98 04 08             push   $0x8049851
 80492fc:      e8 cf f4 ff ff             call   80487d0 <puts@plt>
 8049301:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8049308:      e8 53 f5 ff ff             call   8048860 <exit@plt>
 804930d:      83 ec 0c                   sub    $0xc,%esp
 8049310:      ff 75 94                   pushl  0xffffff94(%ebp)
 8049313:      e8 28 f5 ff ff             call   8048840 <fclose@plt>
 8049318:      83 c4 10                   add    $0x10,%esp
 804931b:      85 c0                      test   %eax,%eax
 804931d:      74 19                      je     8049338 <send_msg+0x1df>
 804931f:      83 ec 0c                   sub    $0xc,%esp
 8049322:      68 6b 98 04 08             push   $0x804986b
 8049327:      e8 a4 f4 ff ff             call   80487d0 <puts@plt>
 804932c:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8049333:      e8 28 f5 ff ff             call   8048860 <exit@plt>
 8049338:      83 ec 0c                   sub    $0xc,%esp
 804933b:      ff 75 90                   pushl  0xffffff90(%ebp)
 804933e:      e8 5d f5 ff ff             call   80488a0 <dup@plt>
 8049343:      83 c4 10                   add    $0x10,%esp
 8049346:      85 c0                      test   %eax,%eax
 8049348:      74 19                      je     8049363 <send_msg+0x20a>
 804934a:      83 ec 0c                   sub    $0xc,%esp
 804934d:      68 84 98 04 08             push   $0x8049884
 8049352:      e8 79 f4 ff ff             call   80487d0 <puts@plt>
 8049357:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 804935e:      e8 fd f4 ff ff             call   8048860 <exit@plt>
 8049363:      83 ec 0c                   sub    $0xc,%esp
 8049366:      ff 75 90                   pushl  0xffffff90(%ebp)
 8049369:      e8 d2 f3 ff ff             call   8048740 <close@plt>
 804936e:      83 c4 10                   add    $0x10,%esp
 8049371:      85 c0                      test   %eax,%eax
 8049373:      74 19                      je     804938e <send_msg+0x235>
 8049375:      83 ec 0c                   sub    $0xc,%esp
 8049378:      68 9f 98 04 08             push   $0x804989f
 804937d:      e8 4e f4 ff ff             call   80487d0 <puts@plt>
 8049382:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 8049389:      e8 d2 f4 ff ff             call   8048860 <exit@plt>
 804938e:      8d 65 f4                   lea    0xfffffff4(%ebp),%esp
 8049391:      5b                         pop    %ebx
 8049392:      5e                         pop    %esi
 8049393:      5f                         pop    %edi
 8049394:      c9                         leave  
 8049395:      c3                         ret    

08049396 <explode_bomb>:
 8049396:      55                         push   %ebp
 8049397:      89 e5                      mov    %esp,%ebp
 8049399:      83 ec 14                   sub    $0x14,%esp
 804939c:      68 b6 98 04 08             push   $0x80498b6
 80493a1:      e8 2a f4 ff ff             call   80487d0 <puts@plt>
 80493a6:      c7 04 24 bf 98 04 08       movl   $0x80498bf,(%esp)
 80493ad:      e8 1e f4 ff ff             call   80487d0 <puts@plt>
 80493b2:      c7 04 24 08 00 00 00       movl   $0x8,(%esp)
 80493b9:      e8 a2 f4 ff ff             call   8048860 <exit@plt>

080493be <phase_defused>:
 80493be:      55                         push   %ebp
 80493bf:      89 e5                      mov    %esp,%ebp
 80493c1:      53                         push   %ebx
 80493c2:      83 ec 64                   sub    $0x64,%esp
 80493c5:      83 3d 6c a8 04 08 06       cmpl   $0x6,0x804a86c
 80493cc:      75 62                      jne    8049430 <phase_defused+0x72>
 80493ce:      8d 5d a8                   lea    0xffffffa8(%ebp),%ebx
 80493d1:      53                         push   %ebx
 80493d2:      8d 45 a4                   lea    0xffffffa4(%ebp),%eax
 80493d5:      50                         push   %eax
 80493d6:      68 d6 98 04 08             push   $0x80498d6
 80493db:      68 70 a9 04 08             push   $0x804a970
 80493e0:      e8 8b f4 ff ff             call   8048870 <sscanf@plt>
 80493e5:      83 c4 10                   add    $0x10,%esp
 80493e8:      83 f8 02                   cmp    $0x2,%eax
 80493eb:      75 33                      jne    8049420 <phase_defused+0x62>
 80493ed:      68 dc 98 04 08             push   $0x80498dc
 80493f2:      53                         push   %ebx
 80493f3:      e8 d0 fa ff ff             call   8048ec8 <strings_not_equal>
 80493f8:      83 c4 08                   add    $0x8,%esp
 80493fb:      85 c0                      test   %eax,%eax
 80493fd:      75 21                      jne    8049420 <phase_defused+0x62>
 80493ff:      83 ec 0c                   sub    $0xc,%esp
 8049402:      68 24 99 04 08             push   $0x8049924
 8049407:      e8 c4 f3 ff ff             call   80487d0 <puts@plt>
 804940c:      c7 04 24 4c 99 04 08       movl   $0x804994c,(%esp)
 8049413:      e8 b8 f3 ff ff             call   80487d0 <puts@plt>
 8049418:      e8 84 f9 ff ff             call   8048da1 <secret_phase>
 804941d:      83 c4 10                   add    $0x10,%esp
 8049420:      83 ec 0c                   sub    $0xc,%esp
 8049423:      68 84 99 04 08             push   $0x8049984
 8049428:      e8 a3 f3 ff ff             call   80487d0 <puts@plt>
 804942d:      83 c4 10                   add    $0x10,%esp
 8049430:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8049433:      c9                         leave  
 8049434:      c3                         ret    
 8049435:      90                         nop    
 8049436:      90                         nop    
 8049437:      90                         nop    

08049438 <__libc_csu_init>:
 8049438:      55                         push   %ebp
 8049439:      89 e5                      mov    %esp,%ebp
 804943b:      57                         push   %edi
 804943c:      56                         push   %esi
 804943d:      53                         push   %ebx
 804943e:      83 ec 0c                   sub    $0xc,%esp
 8049441:      e8 00 00 00 00             call   8049446 <__libc_csu_init+0xe>
 8049446:      5b                         pop    %ebx
 8049447:      81 c3 9a 0c 00 00          add    $0xc9a,%ebx
 804944d:      e8 c6 f2 ff ff             call   8048718 <_init>
 8049452:      8d 83 20 ff ff ff          lea    0xffffff20(%ebx),%eax
 8049458:      8d 93 20 ff ff ff          lea    0xffffff20(%ebx),%edx
 804945e:      89 45 f0                   mov    %eax,0xfffffff0(%ebp)
 8049461:      29 d0                      sub    %edx,%eax
 8049463:      31 f6                      xor    %esi,%esi
 8049465:      c1 f8 02                   sar    $0x2,%eax
 8049468:      39 c6                      cmp    %eax,%esi
 804946a:      73 16                      jae    8049482 <__libc_csu_init+0x4a>
 804946c:      89 d7                      mov    %edx,%edi
 804946e:      89 f6                      mov    %esi,%esi
 8049470:      ff 14 b2                   call   *(%edx,%esi,4)
 8049473:      8b 4d f0                   mov    0xfffffff0(%ebp),%ecx
 8049476:      29 f9                      sub    %edi,%ecx
 8049478:      46                         inc    %esi
 8049479:      c1 f9 02                   sar    $0x2,%ecx
 804947c:      39 ce                      cmp    %ecx,%esi
 804947e:      89 fa                      mov    %edi,%edx
 8049480:      72 ee                      jb     8049470 <__libc_csu_init+0x38>
 8049482:      83 c4 0c                   add    $0xc,%esp
 8049485:      5b                         pop    %ebx
 8049486:      5e                         pop    %esi
 8049487:      5f                         pop    %edi
 8049488:      c9                         leave  
 8049489:      c3                         ret    
 804948a:      89 f6                      mov    %esi,%esi

0804948c <__libc_csu_fini>:
 804948c:      55                         push   %ebp
 804948d:      89 e5                      mov    %esp,%ebp
 804948f:      57                         push   %edi
 8049490:      56                         push   %esi
 8049491:      53                         push   %ebx
 8049492:      e8 00 00 00 00             call   8049497 <__libc_csu_fini+0xb>
 8049497:      5b                         pop    %ebx
 8049498:      81 c3 49 0c 00 00          add    $0xc49,%ebx
 804949e:      8d 83 20 ff ff ff          lea    0xffffff20(%ebx),%eax
 80494a4:      8d bb 20 ff ff ff          lea    0xffffff20(%ebx),%edi
 80494aa:      29 f8                      sub    %edi,%eax
 80494ac:      c1 f8 02                   sar    $0x2,%eax
 80494af:      83 ec 0c                   sub    $0xc,%esp
 80494b2:      8d 70 ff                   lea    0xffffffff(%eax),%esi
 80494b5:      eb 05                      jmp    80494bc <__libc_csu_fini+0x30>
 80494b7:      90                         nop    
 80494b8:      ff 14 b7                   call   *(%edi,%esi,4)
 80494bb:      4e                         dec    %esi
 80494bc:      83 fe ff                   cmp    $0xffffffff,%esi
 80494bf:      75 f7                      jne    80494b8 <__libc_csu_fini+0x2c>
 80494c1:      e8 2e 00 00 00             call   80494f4 <_fini>
 80494c6:      83 c4 0c                   add    $0xc,%esp
 80494c9:      5b                         pop    %ebx
 80494ca:      5e                         pop    %esi
 80494cb:      5f                         pop    %edi
 80494cc:      c9                         leave  
 80494cd:      c3                         ret    
 80494ce:      90                         nop    
 80494cf:      90                         nop    

080494d0 <__do_global_ctors_aux>:
 80494d0:      55                         push   %ebp
 80494d1:      89 e5                      mov    %esp,%ebp
 80494d3:      53                         push   %ebx
 80494d4:      52                         push   %edx
 80494d5:      bb 00 a0 04 08             mov    $0x804a000,%ebx
 80494da:      a1 00 a0 04 08             mov    0x804a000,%eax
 80494df:      eb 0a                      jmp    80494eb <__do_global_ctors_aux+0x1b>
 80494e1:      8d 76 00                   lea    0x0(%esi),%esi
 80494e4:      83 eb 04                   sub    $0x4,%ebx
 80494e7:      ff d0                      call   *%eax
 80494e9:      8b 03                      mov    (%ebx),%eax
 80494eb:      83 f8 ff                   cmp    $0xffffffff,%eax
 80494ee:      75 f4                      jne    80494e4 <__do_global_ctors_aux+0x14>
 80494f0:      58                         pop    %eax
 80494f1:      5b                         pop    %ebx
 80494f2:      c9                         leave  
 80494f3:      c3                         ret    
Disassembly of section .fini:

080494f4 <_fini>:
 80494f4:      55                         push   %ebp
 80494f5:      89 e5                      mov    %esp,%ebp
 80494f7:      53                         push   %ebx
 80494f8:      e8 00 00 00 00             call   80494fd <_fini+0x9>
 80494fd:      5b                         pop    %ebx
 80494fe:      81 c3 e3 0b 00 00          add    $0xbe3,%ebx
 8049504:      50                         push   %eax
 8049505:      e8 4e f4 ff ff             call   8048958 <__do_global_dtors_aux>
 804950a:      59                         pop    %ecx
 804950b:      5b                         pop    %ebx
 804950c:      c9                         leave  
 804950d:      c3                         ret  

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2007-11-04 at 12:15:32ID22937919
Tags

bomb

,

binary

Topics

Assembly Programming Language

,

C Programming Language

Participating Experts
3
Points
500
Comments
26

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. binary bomb assignment, figuring out assembly
    OK im sure of u guys might of encountered this little exercise before. Anyways, I'm having trouble figuring out one of the phases. Anyways here's the code: /* The second phase is harder. No one will ever figure out * how to defuse this... */ input = read_line(); ...
  2. Binary Bomb
    I am trying to defuse a binary bomb and this is the code for phase one Dump of assembler code for function phase_1: 0x08048b08 <phase_1+0>: push %ebp 0x08048b09 <phase_1+1>: mov %esp,%ebp 0x08048b0b <phase_1+3>: sub $0x10,%esp 0x08048b0e <phase_1...
  3. Binary Bomb Phase 5
    Infinity08 your comments are really helping me understand this better. Could you please let me know if what I wrote is going on here is correct. I can't seem to figure out exactly what this wants, except know it wants a string that is length 6. Thanks again Dump of assemb...
  4. Binary Bomb Final Phase
    Alright, on the last phase of the binary bomb. I have the code commented and just wanted to know if what I think is happening really is. So far I just think it is a bunch of nested loops and that the input will be 5 or less numbers. Alright any feedback would be very appre...
  5. Binary Bomb - Phase_5 - Assembly
    Hi everyone, It's the classic binary bomb lab, and I'm completely stuck on phase 5. Here's what I got:
  6. diffusing a bomb
    hey, I need to diffuse a "bomb", I was hoping I could get some advice, I have a vague idea of what I need to do. 080519c4 <phase_1>: 80519c4: 55 push %ebp 80519c5: 89 e5 mov %esp,%ebp 80519c7: 83 ec 10 s...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: Infinity08Posted on 2007-11-04 at 12:19:04ID: 20211943

>> Can anyone help please

Start by finding out under which conditions the bomb explodes, and then avoid those conditions by giving a certain input.

How far did you get ?

 

by: aib_42Posted on 2007-11-04 at 12:20:51ID: 20211948

You're much better of debugging than disassembling the file...

A more thorough disassembler or any good debugger should also give you some more information on the code, such as what parameters to certain function calls are, what are the contents of some strings in the program, etc.

It doesn't look very complicated, single-stepping through the program should give you an idea about how it works.

If you have trouble understanding a certain portion of the code, you could post it, or just ask for a few (more) pointers from the experts; but you should supply the binary file in any case.

 

by: dminh01Posted on 2007-11-04 at 12:28:49ID: 20212025

yes that correct but i can only figure out the input for phase 1

 

by: dminh01Posted on 2007-11-04 at 12:30:03ID: 20212047

i am new to this web. how do i attach the bin file.
Please help how to figure out phase 2

thanks

 

by: Infinity08Posted on 2007-11-04 at 12:37:17ID: 20212108

For phase 2, there are two locations where the bomb can explode :

 8048b3f:      83 7d d8 01                cmpl   $0x1,0xffffffd8(%ebp)
 8048b43:      74 05                      je     8048b4a <phase_2+0x21>

and :

 8048b57:      39 44 9d d8                cmp    %eax,0xffffffd8(%ebp,%ebx,4)
 8048b5b:      74 05                      je     8048b62 <phase_2+0x39>

So, these jumps have to be made, otherwise the bomb explodes

Also, in order to end phase 2, this jump can't be made :

 8048b63:      83 fb 05                   cmp    $0x5,%ebx
 8048b66:      7e e7                      jle    8048b4f <phase_2+0x26>


Are there any specific parts of phase 2 you have trouble with ?

 

by: dminh01Posted on 2007-11-04 at 12:43:20ID: 20212155

so how do i figure out what input I should type in order to defuse the bomb

thanks this web is great. help a lot

 

by: Infinity08Posted on 2007-11-04 at 12:46:25ID: 20212166

Well, I'm trying not to give away too much ... You should really try to figure this out yourself. So, I'll ask my question again : do you understand what's happening in phase 2 ? If not, where are you stuck ?

Before you know which input to give to defuse the bomb, you have to understand what the code does.

 

by: dminh01Posted on 2007-11-04 at 12:47:03ID: 20212170

can u also give me the example of using gdb to break and defuse phase 2 that will help a lot

thanks

i m so new to this

 

by: dminh01Posted on 2007-11-04 at 12:47:41ID: 20212172

no not really I dont quiet understand. can you give me an explanation

 

by: Infinity08Posted on 2007-11-04 at 12:48:36ID: 20212174

How did you figure out how to defuse phase 1 ?

 

by: Infinity08Posted on 2007-11-04 at 12:49:40ID: 20212180

>> no not really I dont quiet understand. can you give me an explanation

As I said : where are you stuck ? How far did you get ? We're not allowed to do the work for you, but will assist you with specific questions.

 

by: dminh01Posted on 2007-11-04 at 12:49:48ID: 20212183

to defuse phase 1 i just examine all the register, mem one by one using stepi. I dont really know how to do this.

 

by: dminh01Posted on 2007-11-04 at 12:51:58ID: 20212195

did you mean so in order for the bomb not to execute then I must examine all the memory before the bomb is calling to see what is stored in there right?

thnks

 

by: Infinity08Posted on 2007-11-04 at 12:55:23ID: 20212210

>> I dont really know how to do this.

As I said : try to understand what's happening. Isolate the code for phase 2 :

08048b29 <phase_2>:
 8048b29:      55                         push   %ebp
 8048b2a:      89 e5                      mov    %esp,%ebp
 8048b2c:      53                         push   %ebx
 8048b2d:      83 ec 2c                   sub    $0x2c,%esp
 8048b30:      8d 45 d8                   lea    0xffffffd8(%ebp),%eax
 8048b33:      50                         push   %eax
 8048b34:      ff 75 08                   pushl  0x8(%ebp)
 8048b37:      e8 39 03 00 00             call   8048e75 <read_six_numbers>
 8048b3c:      83 c4 10                   add    $0x10,%esp
 8048b3f:      83 7d d8 01                cmpl   $0x1,0xffffffd8(%ebp)
 8048b43:      74 05                      je     8048b4a <phase_2+0x21>
 8048b45:      e8 4c 08 00 00             call   8049396 <explode_bomb>
 8048b4a:      bb 01 00 00 00             mov    $0x1,%ebx
 8048b4f:      8d 43 01                   lea    0x1(%ebx),%eax
 8048b52:      0f af 44 9d d4             imul   0xffffffd4(%ebp,%ebx,4),%eax
 8048b57:      39 44 9d d8                cmp    %eax,0xffffffd8(%ebp,%ebx,4)
 8048b5b:      74 05                      je     8048b62 <phase_2+0x39>
 8048b5d:      e8 34 08 00 00             call   8049396 <explode_bomb>
 8048b62:      43                         inc    %ebx
 8048b63:      83 fb 05                   cmp    $0x5,%ebx
 8048b66:      7e e7                      jle    8048b4f <phase_2+0x26>
 8048b68:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8048b6b:      c9                         leave  
 8048b6c:      c3                         ret    

And figure out what each line does.

This line for example gives you a clue where the input will be found :

 8048b37:      e8 39 03 00 00             call   8048e75 <read_six_numbers>

I've already listed the three critical jumps that either can't or have to be made (see my earlier post). The other lines perform some operations on the input values, and will be important to figure out which value you need to input.

Go over the code one line at a time, and figure out what it does. Once you know what each line does, you can start figuring out the input you should give that will avoid the explosion.

 

by: dminh01Posted on 2007-11-04 at 13:06:14ID: 20212244

This is what I can read and also not sure. The example in text book is much easier and a bit differnt.  Can u explain if this is correct. Can I have your char ID so we can talk. THis help me so much so far. So as I understand I have to deal with the memory somehow so the bomb will not explode in the 3 position you mentioned above. Is this correct?
Also how do you print the value (int, douoble) in gdb. Like x/s will print out the strin







thanks

08048b29 <phase_2>:
 8048b29:      55                         push   %ebp                                // setup
 8048b2a:      89 e5                      mov    %esp,%ebp                    // setup
 8048b2c:      53                         push   %ebx                               // setup
 8048b2d:      83 ec 2c                   sub    $0x2c,%esp                 // subtract esp -2
 8048b30:      8d 45 d8                   lea    0xffffffd8(%ebp),%eax          // load eax=ebp + 0xfffffffd8
 8048b33:      50                         push   %eax                                   // put eax input in stack
 8048b34:      ff 75 08                   pushl  0x8(%ebp)                       // put ebp=ebp+8 in stack
 8048b37:      e8 39 03 00 00             call   8048e75 <read_six_numbers>     // call read6no
 8048b3c:      83 c4 10                   add    $0x10,%esp                          // esp=esp+1
 8048b3f:      83 7d d8 01                cmpl   $0x1,0xffffffd8(%ebp)         // compare ebp to 1
 8048b43:      74 05                      je     8048b4a <phase_2+0x21>       // if equal then call phase and   explode                                                                                       the bomb
 8048b45:      e8 4c 08 00 00             call   8049396 <explode_bomb>
 8048b4a:      bb 01 00 00 00             mov    $0x1,%ebx                    // ebx=1
 8048b4f:      8d 43 01                   lea    0x1(%ebx),%eax               // eax=ebx+1
 8048b52:      0f af 44 9d d4             imul   0xffffffd4(%ebp,%ebx,4),%eax      // eax=4ebx*ebp
 8048b57:      39 44 9d d8                cmp    %eax,0xffffffd8(%ebp,%ebx,4)   // compare eax and .....
 8048b5b:      74 05                      je     8048b62 <phase_2+0x39>      // same as above if not equal then                                                                                 explode
 8048b5d:      e8 34 08 00 00             call   8049396 <explode_bomb>
 8048b62:      43                         inc    %ebx                              // ebx++
 8048b63:      83 fb 05                   cmp    $0x5,%ebx                  // compare ebx with 5
 8048b66:      7e e7                      jle    8048b4f <phase_2+0x26>         // exlode if not equal
 8048b68:      8b 5d fc                   mov    0xfffffffc(%ebp),%ebx
 8048b6b:      c9                         leave  
 8048b6c:      c3                         ret    

 

by: Infinity08Posted on 2007-11-04 at 13:36:16ID: 20212385

>>  8048b2d:      83 ec 2c                   sub    $0x2c,%esp                 // subtract esp -2

0x2c is not the same as 2


>>  8048b30:      8d 45 d8                   lea    0xffffffd8(%ebp),%eax          // load eax=ebp + 0xfffffffd8

ebp + 0xfffffffd8 is the same as ebp - 40, due to overflow mechanics.


>>  8048b34:      ff 75 08                   pushl  0x8(%ebp)                       // put ebp=ebp+8 in stack

This will push the value at address ebp + 8 onto the stack.


These three are not really important, as they just set up the call to read_six_numbers. Ie. they reserve some space on the stack for the 6 numbers, and pass some parameters.


>>  8048b3c:      83 c4 10                   add    $0x10,%esp                          // esp=esp+1

0x10 is not the same as 1


>>  8048b3f:      83 7d d8 01                cmpl   $0x1,0xffffffd8(%ebp)         // compare ebp to 1

Something is compared to 1 indeed, but it's not ebp ... look closer.


>>  8048b43:      74 05                      je     8048b4a <phase_2+0x21>       // if equal then call phase and   explode                                                                                       the bomb

No, if the values are equal, then the jump is made (je means jump if equal). Now, look at the destination address of the jump (8048b4a) and you know where it jumps to.


>>  8048b52:      0f af 44 9d d4             imul   0xffffffd4(%ebp,%ebx,4),%eax      // eax=4ebx*ebp

imul A, B multiplies A with B, and stores the result in B, so :

        B = B * A

In this case, the A operand is slightly more complicated :

        0xffffffd4(%ebp,%ebx,4)

and is an address calculation that means :

        (ebp + (ebx * 4)) + 0xffffffd4

Remember what I said earlier about adding big values ?


>>  8048b57:      39 44 9d d8                cmp    %eax,0xffffffd8(%ebp,%ebx,4)   // compare eax and .....

And what ? See previous remark.


>>  8048b66:      7e e7                      jle    8048b4f <phase_2+0x26>         // exlode if not equal

jle means jump if less than or equal. Look at the destination address to know where it jumps to. It won't explode the bomb ... it will just begin the next iteration of the loop ...

 

by: dminh01Posted on 2007-11-04 at 16:19:02ID: 20213100

hi infinity08.
question after i read your comment:
1. How do you figure out that ebp+0xfffffffd8 = ebp-40 ?
2. What does it means by lea 0x1(ebx),eax (what it means by 0x1 then (ebx))
Thanks

Also do you know where I can read more about this assembly code ?
I think I still dont understand completely when reading a assembly code. Example in my text book is far to easy compare to this.

If it is possible can you explain a block of code like you did previously in details. I think this help me understand a lot

Thanks

 

by: Infinity08Posted on 2007-11-05 at 05:23:08ID: 20215647

>> 1. How do you figure out that ebp+0xfffffffd8 = ebp-40 ?

You're working on a 32bit platform. If you add 0xffffffd8 to some value, say 0x12345678 :

        12345678      (305419896)
    +   FFFFFFD8      (4294967256)
    ----------------
      112345650      (4600387152)

This result is more than 32 bits wide, so it gets truncated to 0x12345650. In decimal, this sum would be :

      (305419896 + 4294967256) = 305419856

As you see the result is exactly 40 less than the original :

      (305419896 - 40) = 305419856

You could have also seen that by realizing that 0xFFFFFFD8 is -40 when interpreted as a 32bit signed int ;)

Take a look here for more info :

        http://en.wikipedia.org/wiki/Two%27s_complement



>> 2. What does it means by lea 0x1(ebx),eax (what it means by 0x1 then (ebx))

This is the addressing mode ... 0x1(ebx) means that ebx is the base address, and 0x1 is the offset to that base address. So, the actual address is (ebx + 1)


>> Also do you know where I can read more about this assembly code ?

What do you mean ? You didn't get a reference for all the instructions ?


>> I think I still dont understand completely when reading a assembly code.

It isn't a simple thing, and requires a lot of exercise, so don't feel bad. Just dive in, and try to take it one bit at a time.


>> If it is possible can you explain a block of code like you did previously in details. I think this help me understand a lot

Just show me a block that you want me to explain, and I'll be happy to do it. Not too long of course ;)

 

by: dminh01Posted on 2007-11-05 at 09:26:45ID: 20217724

Thanks alot
with your help I was able to defuse the bomb until phase 3. Now I am having trouble understanding this code
Dump of assembler code for function func4:
0x08048bf7 <func4+0>:      push   %ebp
0x08048bf8 <func4+1>:      mov    %esp,%ebp
0x08048bfa <func4+3>:      mov    0x8(%ebp),%edx
0x08048bfd <func4+6>:      mov    $0x1,%eax
0x08048c02 <func4+11>:      test   %edx,%edx
0x08048c04 <func4+13>:      jle    0x8048c1d <func4+38>
0x08048c06 <func4+15>:      sub    $0xc,%esp
0x08048c09 <func4+18>:      lea    0xffffffff(%edx),%eax
0x08048c0c <func4+21>:      push   %eax
0x08048c0d <func4+22>:      call   0x8048bf7 <func4>
0x08048c12 <func4+27>:      lea    0x0(,%eax,8),%edx
0x08048c19 <func4+34>:      sub    %eax,%edx
0x08048c1b <func4+36>:      mov    %edx,%eax
0x08048c1d <func4+38>:      leave  
0x08048c1e <func4+39>:      ret  

can you explain me what this block of code is fdoing. It seems like it minus 1 every time


thanks


 

by: Infinity08Posted on 2007-11-05 at 11:07:37ID: 20218477

>> with your help I was able to defuse the bomb until phase 3.

Nice !!


>> can you explain me what this block of code is fdoing. It seems like it minus 1 every time

It's a bit more than just - 1, but you're close.

Here's a first translation of the instructions :

08048bf7 <func4>:
 8048bf7:      55                         push   %ebp
 8048bf8:      89 e5                      mov    %esp,%ebp
 8048bfa:      8b 55 08                   mov    0x8(%ebp),%edx              edx = param1;
 8048bfd:      b8 01 00 00 00             mov    $0x1,%eax                    eax = 1;
 8048c02:      85 d2                      test   %edx,%edx                  
 8048c04:      7e 17                      jle    8048c1d <func4+0x26>         if (edx <= 0) goto 0x08048c1d;
 8048c06:      83 ec 0c                   sub    $0xc,%esp                          esp -= 0x0c;
 8048c09:      8d 42 ff                   lea    0xffffffff(%edx),%eax            eax = edx - 1;
 8048c0c:      50                         push   %eax                        
 8048c0d:      e8 e5 ff ff ff             call   8048bf7 <func4>                   eax = func4(eax);
 8048c12:      8d 14 c5 00 00 00 00       lea    0x0(,%eax,8),%edx     edx = 8 * eax;
 8048c19:      29 c2                      sub    %eax,%edx                          edx -= eax;
 8048c1b:      89 d0                      mov    %edx,%eax                         eax = edx;
 8048c1d:      c9                         leave                                                return eax;
 8048c1e:      c3                         ret    

Or, a reverse engineered C function :

        long func4(long val) {
            long ret = 1;
            if (val > 0) {
                ret = 7 * func4(val - 1);
            }
            return ret;
        }

which is basically a function that calculates 7^val.

Double-check to make sure I didn't make any mistakes ;) You never know :)

 

by: Infinity08Posted on 2007-11-05 at 11:08:38ID: 20218487

If anything is not clear in the reverse engineering process above, then let me know, and I'll be glad to explain it a bit more. It's important that you understand how I did it ;)

 

by: dminh01Posted on 2007-11-05 at 19:34:00ID: 20221234

thanks I get to phase 5 now but I get stuck at phase_5
can you give me some hint.
thanks

 

by: dminh01Posted on 2007-11-05 at 19:38:38ID: 20221249

is it possible if you can do the reverse to C for phase_5
it help so much

thanks

 

by: Infinity08Posted on 2007-11-05 at 22:24:24ID: 20221732

Do you understand how I did it ? Don't hesitate to ask for clarifications if something isn't clear !

 

by: evilrixPosted on 2007-11-06 at 03:52:27ID: 20222998

>> Do you understand how I did it ? Don't hesitate to ask for clarifications if something isn't clear !
No, absolutely not a clue! I followed this thread with interest because, frankly, I am too stupid to understand it :(

Nice work Infinity08 (/me is awe) -- maybe one day I'll post a Q with a few thousand points and you can explain to me exactly how you figured this out :)

Meanwhile, I think I'll stick to my nice an fluffy C++ :)

 

by: Infinity08Posted on 2007-11-07 at 04:58:46ID: 20231542

>> I think I'll stick to my nice an fluffy C++ :)

I thought you went for brainfuck ? ;)

Thanks for the nice comments !!

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...