	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

05/14/2009 at 09:23AM PDT, ID: 24409161 | Points: 500

	[x] Attachment Details

Reverse Engineering part of a binary bomb

Asked by mistful in Algorithms, Assembly Programming Language

I'm trying to reverse engineer part of a binary bomb to work out what the code does. Right now I'm working on diffusing level_2. I'm having some trouble figuring out what this code does:

View the Solution FREE for 30 Days

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:

           
           
             08048eb0 <level_2>:
 8048eb0:       55                      push   %ebp
 8048eb1:       89 e5                   mov    %esp,%ebp
 8048eb3:       83 ec 28                sub    $0x28,%esp
 8048eb6:       8d 45 f8                lea    -0x8(%ebp),%eax
 8048eb9:       89 44 24 0c             mov    %eax,0xc(%esp)
 8048ebd:       8d 45 f4                lea    -0xc(%ebp),%eax
 8048ec0:       89 44 24 08             mov    %eax,0x8(%esp)
 8048ec4:       c7 44 24 04 02 a1 04    movl   $0x804a102,0x4(%esp)
 8048ecb:       08 
 8048ecc:       8b 45 08                mov    0x8(%ebp),%eax
 8048ecf:       89 04 24                mov    %eax,(%esp)
 8048ed2:       e8 1d fd ff ff          call   8048bf4 <sscanf@plt>
 8048ed7:       89 45 fc                mov    %eax,-0x4(%ebp)
 8048eda:       83 7d fc 01             cmpl   $0x1,-0x4(%ebp)
 8048ede:       7f 05                   jg     8048ee5 <level_2+0x35>
 8048ee0:       e8 75 0e 00 00          call   8049d5a <explode_bomb>
 8048ee5:       8b 45 f4                mov    -0xc(%ebp),%eax
 8048ee8:       89 44 24 04             mov    %eax,0x4(%esp)
 8048eec:       c7 04 24 40 bc 04 08    movl   $0x804bc40,(%esp)
 8048ef3:       e8 0c fb ff ff          call   8048a04 <strchr@plt>
 8048ef8:       89 c2                   mov    %eax,%edx
 8048efa:       b8 40 bc 04 08          mov    $0x804bc40,%eax
 8048eff:       29 c2                   sub    %eax,%edx
 8048f01:       8b 45 f8                mov    -0x8(%ebp),%eax
 8048f04:       39 c2                   cmp    %eax,%edx
 8048f06:       74 05                   je     8048f0d <level_2+0x5d>
 8048f08:       e8 4d 0e 00 00          call   8049d5a <explode_bomb>
 8048f0d:       c9                      leave  
 8048f0e:       c3                      ret

           
         

20090824-EE-VQP-74 - Hierarchy / EE_QW_3_20080625

1. Infinity0899,180
2. DropZone10,500
3. t0t08,520
4. ozo7,000
5. abel4,375
6. evilrix4,332
7. jcgriff24,000
8. garycase3,750
9. nobus3,000
10. billprew2,860
11. TheLearn...2,500
11. ikework2,500
11. ravenpl2,500
14. itsmeandn...2,332
15. giltjr2,164
16. woolmilkp...2,150
17. Hypo2,000
17. tliotta2,000
17. vo1d2,000
17. Agarici2,000
17. oBdA2,000
17. Sandra-242,000
17. moorhous...2,000
17. bounsy2,000
17. McKnife2,000
17. noci2,000
17. kaufmed2,000
17. Eladla2,000
17. DefreeCo...2,000
17. mgonullu2,000
17. HooKooD...2,000
17. comegets...2,000
17. sjl19862,000
17. xenacode2,000
17. HalfAsleep2,000
17. climbgunks2,000
17. roman22,000
17. intelfx2,000

1. Infinity08233,426
2. dimitry158,876
3. grg99116,208
4. mzvika56,009
5. BrianGEF...52,043
6. BeyondWu51,715
7. PaulCasw...50,139
8. manish_r...30,623
9. stefan7325,328
10. PeterdLo20,472
11. Dancie17,978
12. ozo16,114
13. mtmike15,779
14. abith13,536
15. billious12,777
16. DeanHorak12,698
17. DropZone11,500
18. joghurt11,070
19. _Katka_10,600
20. craigward...9,570
21. AlexFM9,504
22. evilrix9,332
23. Jase-Co...9,100
24. ravenpl8,980
25. TheLearn...8,875