[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
8.3

Binary Bomb Phase 2

Asked by purewin in Assembly Programming Language, C Programming Language, Linux Programming

Tags: Binary, Bomb, Phase 2

I'm trying to get the value of the register of eax at the address  0x8048dc0. The assembler dump is below. Basically it reads 6 numbers and compares them to value of eax and the above memory location if I'm correct. I can't quite figure out how to iterate through the loop to get the register value each time it loops.

Right now the is what I'm doing:

(gdb) disas phase_2
Dump of assembler code for function phase_2:
0x08048d91 <phase_2+0>: push   %ebp
0x08048d92 <phase_2+1>: mov    %esp,%ebp
0x08048d94 <phase_2+3>: push   %esi
0x08048d95 <phase_2+4>: push   %ebx
0x08048d96 <phase_2+5>: sub    $0x30,%esp
0x08048d99 <phase_2+8>: lea    -0x20(%ebp),%eax
0x08048d9c <phase_2+11>:        mov    %eax,0x4(%esp)
0x08048da0 <phase_2+15>:        mov    0x8(%ebp),%eax
0x08048da3 <phase_2+18>:        mov    %eax,(%esp)
0x08048da6 <phase_2+21>:        call   0x8048f56 <read_six_numbers>
0x08048dab <phase_2+26>:        cmpl   $0x1,-0x20(%ebp)
0x08048daf <phase_2+30>:        je     0x8048db6 <phase_2+37>
0x08048db1 <phase_2+32>:        call   0x8048f2c <explode_bomb>
0x08048db6 <phase_2+37>:        mov    $0x2,%ebx
0x08048dbb <phase_2+42>:        lea    -0x20(%ebp),%esi
0x08048dbe <phase_2+45>:        mov    %ebx,%eax
0x08048dc0 <phase_2+47>:        imul   -0x8(%esi,%ebx,4),%eax
0x08048dc5 <phase_2+52>:        cmp    %eax,-0x4(%esi,%ebx,4)
0x08048dc9 <phase_2+56>:        je     0x8048dd0 <phase_2+63>
0x08048dcb <phase_2+58>:        call   0x8048f2c <explode_bomb>
0x08048dd0 <phase_2+63>:        add    $0x1,%ebx
0x08048dd3 <phase_2+66>:        cmp    $0x7,%ebx
0x08048dd6 <phase_2+69>:        jne    0x8048dbe <phase_2+45>
0x08048dd8 <phase_2+71>:        add    $0x30,%esp
0x08048ddb <phase_2+74>:        pop    %ebx
0x08048ddc <phase_2+75>:        pop    %esi
0x08048ddd <phase_2+76>:        pop    %ebp
0x08048dde <phase_2+77>:        ret    
End of assembler dump.
(gdb) break *0x08048dc0
Breakpoint 4 at 0x8048dc0
(gdb) r input.txt
Starting program: /home/jalexanb/lab1/bomb72/bomb-quiet input.txt
Welcome to my fiendish little bomb. You have 6 phases with
which to blow yourself up. Have a nice day!
Phase 1 defused. How about the next one?

Breakpoint 3, 0x08048d96 in phase_2 ()
(gdb) info registers
eax            0x804a890        134523024
ecx            0xd      13
edx            0x2      2
ebx            0xbffe9cb4       -1073832780
esp            0xbffe9bf0       0xbffe9bf0
ebp            0xbffe9bf8       0xbffe9bf8
esi            0x941ca0 9706656
edi            0x0      0
eip            0x8048d96        0x8048d96 <phase_2+5>
eflags         0x282    [ SF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
(gdb) step
Single stepping until exit from function phase_2,
which has no line number information.

BOOM!!!
The bomb has blown up.

Program exited with code 010.


I'm not sure what I'm not doing correctly any thoughts? 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:

Dump of assembler code for function phase_2:
0x08048d91 <phase_2+0>: push   %ebp
0x08048d92 <phase_2+1>: mov    %esp,%ebp
0x08048d94 <phase_2+3>: push   %esi
0x08048d95 <phase_2+4>: push   %ebx
0x08048d96 <phase_2+5>: sub    $0x30,%esp
0x08048d99 <phase_2+8>: lea    -0x20(%ebp),%eax
0x08048d9c <phase_2+11>:        mov    %eax,0x4(%esp)
0x08048da0 <phase_2+15>:        mov    0x8(%ebp),%eax
0x08048da3 <phase_2+18>:        mov    %eax,(%esp)
0x08048da6 <phase_2+21>:        call   0x8048f56 <read_six_numbers>
0x08048dab <phase_2+26>:        cmpl   $0x1,-0x20(%ebp)
0x08048daf <phase_2+30>:        je     0x8048db6 <phase_2+37>
0x08048db1 <phase_2+32>:        call   0x8048f2c <explode_bomb>
0x08048db6 <phase_2+37>:        mov    $0x2,%ebx
0x08048dbb <phase_2+42>:        lea    -0x20(%ebp),%esi
0x08048dbe <phase_2+45>:        mov    %ebx,%eax
0x08048dc0 <phase_2+47>:        imul   -0x8(%esi,%ebx,4),%eax
0x08048dc5 <phase_2+52>:        cmp    %eax,-0x4(%esi,%ebx,4)
0x08048dc9 <phase_2+56>:        je     0x8048dd0 <phase_2+63>
0x08048dcb <phase_2+58>:        call   0x8048f2c <explode_bomb>
0x08048dd0 <phase_2+63>:        add    $0x1,%ebx
0x08048dd3 <phase_2+66>:        cmp    $0x7,%ebx
0x08048dd6 <phase_2+69>:        jne    0x8048dbe <phase_2+45>
0x08048dd8 <phase_2+71>:        add    $0x30,%esp
0x08048ddb <phase_2+74>:        pop    %ebx
0x08048ddc <phase_2+75>:        pop    %esi
0x08048ddd <phase_2+76>:        pop    %ebp
0x08048dde <phase_2+77>:        ret    
End of assembler dump.
 
Related Solutions
Keywords: Binary Bomb Phase 2
Title
1 binary bomb phase 3
2 Diffusing A Binary Bomb
3 Binary Bomb Final Phase
4 diffusing a bomb
5 defusing the  binary bomb,
6 Binarybomb phase_2
 
Loading Advertisement...
 
[+][-]10/19/09 11:38 AM, ID: 25607798Accepted Solution

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

About this solution

Zones: Assembly Programming Language, C Programming Language, Linux Programming
Tags: Binary, Bomb, Phase 2
Sign Up Now!
Solution Provided By: Infinity08
Participating Experts: 2
Solution Grade: A
 
[+][-]10/18/09 12:36 PM, ID: 25601057Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/18/09 02:07 PM, ID: 25601422Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/18/09 04:42 PM, ID: 25601899Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/18/09 06:15 PM, ID: 25602165Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 02:26 AM, ID: 25603654Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/19/09 02:43 AM, ID: 25603731Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/19/09 07:24 AM, ID: 25605379Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 07:35 AM, ID: 25605473Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 07:39 AM, ID: 25605514Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/19/09 07:43 AM, ID: 25605558Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/19/09 08:10 AM, ID: 25605858Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 08:19 AM, ID: 25605947Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/19/09 08:24 AM, ID: 25606016Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 08:29 AM, ID: 25606084Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 08:34 AM, ID: 25606135Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 08:37 AM, ID: 25606179Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/19/09 09:05 AM, ID: 25606449Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 09:09 AM, ID: 25606489Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 12:58 PM, ID: 25608414Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 01:26 PM, ID: 25608683Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]10/19/09 01:28 PM, ID: 25608698Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091111-EE-VQP-92 - Hierarchy / EE_QW_3_20080625