Solved: Assembly IA 32 help | Experts Exchange

ASKER

I soved it. I looked at the %eax on the last cmp. used that number for my second input (i think this is what i did, he it was an hour ago). not sure how how well I know how I solved it but I managed to solve 2 more. on the last. thnx.

Infinity08

I'm sure you found it, but I'll just indicate the critical lines (to make sure) :

This line makes the jump over the explode_bomb call, so we want to trigger that :

8048d4f: 7f 05 jg 8048d56 <phase_3+0x31>

This line makes the decision/check for the jump :

8048d4c: 83 f8 01 cmp $0x1,%eax //checks for 2 ints

And this line sets the %eax value :

8048d47: e8 80 fb ff ff call 80488cc <sscanf@plt> //converts 2 strings to 2 int's

So, we want to make sure that %eax (the return value of the sscanf function call) is set to a value lower than 1. Figuring out what input to give to achieve that is trivial given the reference page for sscanf :

http://www.cplusplus.com/reference/clibrary/cstdio/sscanf.html

tomis385

ASKER

Thanks for the reply. The points are still up for grabs if you can help me out on this problem. I solved all the phases and the program exits normally, which is good. But now I want to get to the <secret_phase>

I thought that maybe in <phase_3> I could use
8048d60: ff 24 85 40 99 04 08 jmp *0x8049940(,%eax,4) // "*0x8049940" -----> 0x8048d79

to jump to
8049252:      e8 cb f9 ff ff       call 8048c22 <secret_phase> // this is in <phase_defused>

Although the <sscanf> function is what is setting %eax in the jmp. sscanf is getting "%d %d" passed in, so a 0, 1 or 2 will be returned to %eax.

I can't find any other way to get to <secret_phase>. How can I get there?? Here is the assembly.
Also once I'm there I believe it will be defused if I type in ROMNEY_FOR_PRESIDENT but I'm not sure.

bomb: file format elf32-i386

Disassembly of section .init:

080486d4 <_init>:
80486d4:      55       push %ebp
80486d5:      89 e5      mov %esp,%ebp
80486d7:      83 ec 08       sub $0x8,%esp
80486da:      e8 55 02 00 00       call 8048934 <call_gmon_start>
80486df:      e8 dc 02 00 00       call 80489c0 <frame_dummy>
80486e4:      e8 67 10 00 00       call 8049750 <__do_global_ctors_aux>
80486e9:      c9       leave
80486ea:      c3       ret
Disassembly of section .plt:

080486ec <sprintf@plt-0x10>:
80486ec:      ff 35 78 b4 04 08      pushl 0x804b478
80486f2:      ff 25 7c b4 04 08      jmp *0x804b47c
80486f8:      00 00      add %al,(%eax)
      ...

080486fc <sprintf@plt>:
80486fc:      ff 25 80 b4 04 08      jmp *0x804b480
8048702:      68 00 00 00 00       push $0x0
8048707:      e9 e0 ff ff ff       jmp 80486ec <_init+0x18>

0804870c <connect@plt>:
804870c:      ff 25 84 b4 04 08      jmp *0x804b484
8048712:      68 08 00 00 00       push $0x8
8048717:      e9 d0 ff ff ff       jmp 80486ec <_init+0x18>

0804871c <signal@plt>:
804871c:      ff 25 88 b4 04 08      jmp *0x804b488
8048722:      68 10 00 00 00       push $0x10
8048727:      e9 c0 ff ff ff       jmp 80486ec <_init+0x18>

0804872c <__gmon_start__@plt>:
804872c:      ff 25 8c b4 04 08      jmp *0x804b48c
8048732:      68 18 00 00 00       push $0x18
8048737:      e9 b0 ff ff ff       jmp 80486ec <_init+0x18>

0804873c <rewind@plt>:
804873c:      ff 25 90 b4 04 08      jmp *0x804b490
8048742:      68 20 00 00 00       push $0x20
8048747:      e9 a0 ff ff ff       jmp 80486ec <_init+0x18>

0804874c <getenv@plt>:
804874c:      ff 25 94 b4 04 08      jmp *0x804b494
8048752:      68 28 00 00 00       push $0x28
8048757:      e9 90 ff ff ff       jmp 80486ec <_init+0x18>

0804875c <system@plt>:
804875c:      ff 25 98 b4 04 08      jmp *0x804b498
8048762:      68 30 00 00 00       push $0x30
8048767:      e9 80 ff ff ff       jmp 80486ec <_init+0x18>

0804876c <fgets@plt>:
804876c:      ff 25 9c b4 04 08      jmp *0x804b49c
8048772:      68 38 00 00 00       push $0x38
8048777:      e9 70 ff ff ff       jmp 80486ec <_init+0x18>

0804877c <__strtol_internal@plt>:
804877c:      ff 25 a0 b4 04 08      jmp *0x804b4a0
8048782:      68 40 00 00 00       push $0x40
8048787:      e9 60 ff ff ff       jmp 80486ec <_init+0x18>

0804878c <__libc_start_main@plt>:
804878c:      ff 25 a4 b4 04 08      jmp *0x804b4a4
8048792:      68 48 00 00 00       push $0x48
8048797:      e9 50 ff ff ff       jmp 80486ec <_init+0x18>

0804879c <tmpfile@plt>:
804879c:      ff 25 a8 b4 04 08      jmp *0x804b4a8
80487a2:      68 50 00 00 00       push $0x50
80487a7:      e9 40 ff ff ff       jmp 80486ec <_init+0x18>

080487ac <fflush@plt>:
80487ac:      ff 25 ac b4 04 08      jmp *0x804b4ac
80487b2:      68 58 00 00 00       push $0x58
80487b7:      e9 30 ff ff ff       jmp 80486ec <_init+0x18>

080487bc <socket@plt>:
80487bc:      ff 25 b0 b4 04 08      jmp *0x804b4b0
80487c2:      68 60 00 00 00       push $0x60
80487c7:      e9 20 ff ff ff       jmp 80486ec <_init+0x18>

080487cc <__ctype_b_loc@plt>:
80487cc:      ff 25 b4 b4 04 08      jmp *0x804b4b4
80487d2:      68 68 00 00 00       push $0x68
80487d7:      e9 10 ff ff ff       jmp 80486ec <_init+0x18>

080487dc <fclose@plt>:
80487dc:      ff 25 b8 b4 04 08      jmp *0x804b4b8
80487e2:      68 70 00 00 00       push $0x70
80487e7:      e9 00 ff ff ff       jmp 80486ec <_init+0x18>

080487ec <bcopy@plt>:
80487ec:      ff 25 bc b4 04 08      jmp *0x804b4bc
80487f2:      68 78 00 00 00       push $0x78
80487f7:      e9 f0 fe ff ff       jmp 80486ec <_init+0x18>

080487fc <dup@plt>:
80487fc:      ff 25 c0 b4 04 08      jmp *0x804b4c0
8048802:      68 80 00 00 00       push $0x80
8048807:      e9 e0 fe ff ff       jmp 80486ec <_init+0x18>

0804880c <fopen@plt>:
804880c:      ff 25 c4 b4 04 08      jmp *0x804b4c4
8048812:      68 88 00 00 00       push $0x88
8048817:      e9 d0 fe ff ff       jmp 80486ec <_init+0x18>

0804881c <feof@plt>:
804881c:      ff 25 c8 b4 04 08      jmp *0x804b4c8
8048822:      68 90 00 00 00       push $0x90
8048827:      e9 c0 fe ff ff       jmp 80486ec <_init+0x18>

0804882c <strcpy@plt>:
804882c:      ff 25 cc b4 04 08      jmp *0x804b4cc
8048832:      68 98 00 00 00       push $0x98
8048837:      e9 b0 fe ff ff       jmp 80486ec <_init+0x18>

0804883c <printf@plt>:
804883c:      ff 25 d0 b4 04 08      jmp *0x804b4d0
8048842:      68 a0 00 00 00       push $0xa0
8048847:      e9 a0 fe ff ff       jmp 80486ec <_init+0x18>

0804884c <close@plt>:
804884c:      ff 25 d4 b4 04 08      jmp *0x804b4d4
8048852:      68 a8 00 00 00       push $0xa8
8048857:      e9 90 fe ff ff       jmp 80486ec <_init+0x18>

0804885c <fwrite@plt>:
804885c:      ff 25 d8 b4 04 08      jmp *0x804b4d8
8048862:      68 b0 00 00 00       push $0xb0
8048867:      e9 80 fe ff ff       jmp 80486ec <_init+0x18>

0804886c <fprintf@plt>:
804886c:      ff 25 dc b4 04 08      jmp *0x804b4dc
8048872:      68 b8 00 00 00       push $0xb8
8048877:      e9 70 fe ff ff       jmp 80486ec <_init+0x18>

0804887c <cuserid@plt>:
804887c:      ff 25 e0 b4 04 08      jmp *0x804b4e0
8048882:      68 c0 00 00 00       push $0xc0
8048887:      e9 60 fe ff ff       jmp 80486ec <_init+0x18>

0804888c <gethostname@plt>:
804888c:      ff 25 e4 b4 04 08      jmp *0x804b4e4
8048892:      68 c8 00 00 00       push $0xc8
8048897:      e9 50 fe ff ff       jmp 80486ec <_init+0x18>

0804889c <fputc@plt>:
804889c:      ff 25 e8 b4 04 08      jmp *0x804b4e8
80488a2:      68 d0 00 00 00       push $0xd0
80488a7:      e9 40 fe ff ff       jmp 80486ec <_init+0x18>

080488ac <sleep@plt>:
80488ac:      ff 25 ec b4 04 08      jmp *0x804b4ec
80488b2:      68 d8 00 00 00       push $0xd8
80488b7:      e9 30 fe ff ff       jmp 80486ec <_init+0x18>

080488bc <puts@plt>:
80488bc:      ff 25 f0 b4 04 08      jmp *0x804b4f0
80488c2:      68 e0 00 00 00       push $0xe0
80488c7:      e9 20 fe ff ff       jmp 80486ec <_init+0x18>

080488cc <sscanf@plt>:
80488cc:      ff 25 f4 b4 04 08      jmp *0x804b4f4
80488d2:      68 e8 00 00 00       push $0xe8
80488d7:      e9 10 fe ff ff       jmp 80486ec <_init+0x18>

080488dc <fscanf@plt>:
80488dc:      ff 25 f8 b4 04 08      jmp *0x804b4f8
80488e2:      68 f0 00 00 00       push $0xf0
80488e7:      e9 00 fe ff ff       jmp 80486ec <_init+0x18>

080488ec <gethostbyname@plt>:
80488ec:      ff 25 fc b4 04 08      jmp *0x804b4fc
80488f2:      68 f8 00 00 00       push $0xf8
80488f7:      e9 f0 fd ff ff       jmp 80486ec <_init+0x18>

080488fc <exit@plt>:
80488fc:      ff 25 00 b5 04 08      jmp *0x804b500
8048902:      68 00 01 00 00       push $0x100
8048907:      e9 e0 fd ff ff       jmp 80486ec <_init+0x18>
Disassembly of section .text:

08048910 <_start>:
8048910:      31 ed      xor %ebp,%ebp
8048912:      5e       pop %esi
8048913:      89 e1      mov %esp,%ecx
8048915:      83 e4 f0       and $0xfffffff0,%esp
8048918:      50       push %eax
8048919:      54       push %esp
804891a:      52       push %edx
804891b:      68 d0 96 04 08       push $0x80496d0
8048920:      68 e0 96 04 08       push $0x80496e0
8048925:      51       push %ecx
8048926:      56       push %esi
8048927:      68 e4 89 04 08       push $0x80489e4
804892c:      e8 5b fe ff ff       call 804878c <__libc_start_main@plt>
8048931:      f4       hlt
8048932:      90       nop
8048933:      90       nop

08048934 <call_gmon_start>:
8048934:      55       push %ebp
8048935:      89 e5      mov %esp,%ebp
8048937:      53       push %ebx
8048938:      83 ec 04       sub $0x4,%esp
804893b:      e8 00 00 00 00       call 8048940 <call_gmon_start+0xc>
8048940:      5b       pop %ebx
8048941:      81 c3 34 2b 00 00      add $0x2b34,%ebx
8048947:      8b 93 fc ff ff ff      mov 0xfffffffc(%ebx),%edx
804894d:      85 d2      test %edx,%edx
804894f:      74 05      je 8048956 <call_gmon_start+0x22>
8048951:      e8 d6 fd ff ff       call 804872c <__gmon_start__@plt>
8048956:      58       pop %eax
8048957:      5b       pop %ebx
8048958:      c9       leave
8048959:      c3       ret
804895a:      90       nop
804895b:      90       nop
804895c:      90       nop
804895d:      90       nop
804895e:      90       nop
804895f:      90       nop

08048960 <__do_global_dtors_aux>:
8048960:      55       push %ebp
8048961:      89 e5      mov %esp,%ebp
8048963:      53       push %ebx
8048964:      83 ec 04       sub $0x4,%esp
8048967:      80 3d 2c bc 04 08 00       cmpb $0x0,0x804bc2c
804896e:      75 3f      jne 80489af <__do_global_dtors_aux+0x4f>
8048970:      b8 a0 b3 04 08       mov $0x804b3a0,%eax
8048975:      2d 9c b3 04 08       sub $0x804b39c,%eax
804897a:      c1 f8 02       sar $0x2,%eax
804897d:      8d 58 ff       lea 0xffffffff(%eax),%ebx
8048980:      a1 28 bc 04 08       mov 0x804bc28,%eax
8048985:      39 c3      cmp %eax,%ebx
8048987:      76 1f      jbe 80489a8 <__do_global_dtors_aux+0x48>
8048989:      8d b4 26 00 00 00 00       lea 0x0(%esi),%esi
8048990:      83 c0 01       add $0x1,%eax
8048993:      a3 28 bc 04 08       mov %eax,0x804bc28
8048998:      ff 14 85 9c b3 04 08       call *0x804b39c(,%eax,4)
804899f:      a1 28 bc 04 08       mov 0x804bc28,%eax
80489a4:      39 c3      cmp %eax,%ebx
80489a6:      77 e8      ja 8048990 <__do_global_dtors_aux+0x30>
80489a8:      c6 05 2c bc 04 08 01       movb $0x1,0x804bc2c
80489af:      83 c4 04       add $0x4,%esp
80489b2:      5b       pop %ebx
80489b3:      5d       pop %ebp
80489b4:      c3       ret
80489b5:      8d 74 26 00      lea 0x0(%esi),%esi
80489b9:      8d bc 27 00 00 00 00       lea 0x0(%edi),%edi

080489c0 <frame_dummy>:
80489c0:      55       push %ebp
80489c1:      89 e5      mov %esp,%ebp
80489c3:      83 ec 08       sub $0x8,%esp
80489c6:      a1 a4 b3 04 08       mov 0x804b3a4,%eax
80489cb:      85 c0      test %eax,%eax
80489cd:      74 12      je 80489e1 <frame_dummy+0x21>
80489cf:      b8 00 00 00 00       mov $0x0,%eax
80489d4:      85 c0      test %eax,%eax
80489d6:      74 09      je 80489e1 <frame_dummy+0x21>
80489d8:      c7 04 24 a4 b3 04 08       movl $0x804b3a4,(%esp)
80489df:      ff d0      call *%eax
80489e1:      c9       leave
80489e2:      c3       ret
80489e3:      90       nop

080489e4 <main>:
80489e4:      8d 4c 24 04      lea 0x4(%esp),%ecx
80489e8:      83 e4 f0       and $0xfffffff0,%esp
80489eb:      ff 71 fc       pushl 0xfffffffc(%ecx)
80489ee:      55       push %ebp
80489ef:      89 e5      mov %esp,%ebp
80489f1:      53       push %ebx
80489f2:      51       push %ecx
80489f3:      83 ec 10       sub $0x10,%esp
80489f6:      8b 01      mov (%ecx),%eax
80489f8:      8b 59 04       mov 0x4(%ecx),%ebx
80489fb:      83 f8 01       cmp $0x1,%eax
80489fe:      75 0c      jne 8048a0c <main+0x28>
8048a00:      a1 20 bc 04 08       mov 0x804bc20,%eax
8048a05:      a3 38 bc 04 08       mov %eax,0x804bc38
8048a0a:      eb 64      jmp 8048a70 <main+0x8c>
8048a0c:      83 f8 02       cmp $0x2,%eax
8048a0f:      75 41      jne 8048a52 <main+0x6e>
8048a11:      c7 44 24 04 b2 99 04       movl $0x80499b2,0x4(%esp)
8048a18:      08
8048a19:      8b 43 04       mov 0x4(%ebx),%eax
8048a1c:      89 04 24       mov %eax,(%esp)
8048a1f:      e8 e8 fd ff ff       call 804880c <fopen@plt>
8048a24:      a3 38 bc 04 08       mov %eax,0x804bc38
8048a29:      85 c0      test %eax,%eax
8048a2b:      75 43      jne 8048a70 <main+0x8c>
8048a2d:      8b 43 04       mov 0x4(%ebx),%eax
8048a30:      89 44 24 08      mov %eax,0x8(%esp)
8048a34:      8b 03      mov (%ebx),%eax
8048a36:      89 44 24 04      mov %eax,0x4(%esp)
8048a3a:      c7 04 24 ac 97 04 08       movl $0x80497ac,(%esp)
8048a41:      e8 f6 fd ff ff       call 804883c <printf@plt>
8048a46:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8048a4d:      e8 aa fe ff ff       call 80488fc <exit@plt>
8048a52:      8b 03      mov (%ebx),%eax
8048a54:      89 44 24 04      mov %eax,0x4(%esp)
8048a58:      c7 04 24 c9 97 04 08       movl $0x80497c9,(%esp)
8048a5f:      e8 d8 fd ff ff       call 804883c <printf@plt>
8048a64:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8048a6b:      e8 8c fe ff ff       call 80488fc <exit@plt>
8048a70:      e8 54 0b 00 00       call 80495c9 <initialize_bomb>
8048a75:      c7 04 24 30 98 04 08       movl $0x8049830,(%esp)
8048a7c:      e8 3b fe ff ff       call 80488bc <puts@plt>
8048a81:      c7 04 24 6c 98 04 08       movl $0x804986c,(%esp)
8048a88:      e8 2f fe ff ff       call 80488bc <puts@plt>
8048a8d:      e8 f2 08 00 00       call 8049384 <read_line>
8048a92:      89 04 24       mov %eax,(%esp)
8048a95:      e8 86 03 00 00       call 8048e20 <phase_1>
8048a9a:      e8 2f 07 00 00       call 80491ce <phase_defused>
8048a9f:      c7 04 24 98 98 04 08       movl $0x8049898,(%esp)
8048aa6:      e8 11 fe ff ff       call 80488bc <puts@plt>
8048aab:      e8 d4 08 00 00       call 8049384 <read_line>
8048ab0:      89 04 24       mov %eax,(%esp)
8048ab3:      e8 0e 03 00 00       call 8048dc6 <phase_2>
8048ab8:      e8 11 07 00 00       call 80491ce <phase_defused>
8048abd:      c7 04 24 e3 97 04 08       movl $0x80497e3,(%esp)
8048ac4:      e8 f3 fd ff ff       call 80488bc <puts@plt>
8048ac9:      e8 b6 08 00 00       call 8049384 <read_line>
8048ace:      89 04 24       mov %eax,(%esp)
8048ad1:      e8 4f 02 00 00       call 8048d25 <phase_3>
8048ad6:      e8 f3 06 00 00       call 80491ce <phase_defused>
8048adb:      c7 04 24 01 98 04 08       movl $0x8049801,(%esp)
8048ae2:      e8 d5 fd ff ff       call 80488bc <puts@plt>
8048ae7:      e8 98 08 00 00       call 8049384 <read_line>
8048aec:      89 04 24       mov %eax,(%esp)
8048aef:      e8 e8 01 00 00       call 8048cdc <phase_4>
8048af4:      e8 d5 06 00 00       call 80491ce <phase_defused>
8048af9:      c7 04 24 c4 98 04 08       movl $0x80498c4,(%esp)
8048b00:      e8 b7 fd ff ff       call 80488bc <puts@plt>
8048b05:      e8 7a 08 00 00       call 8049384 <read_line>
8048b0a:      89 04 24       mov %eax,(%esp)
8048b0d:      e8 7e 01 00 00       call 8048c90 <phase_5>
8048b12:      e8 b7 06 00 00       call 80491ce <phase_defused>
8048b17:      c7 04 24 10 98 04 08       movl $0x8049810,(%esp)
8048b1e:      e8 99 fd ff ff       call 80488bc <puts@plt>
8048b23:      e8 5c 08 00 00       call 8049384 <read_line>
8048b28:      89 04 24       mov %eax,(%esp)
8048b2b:      e8 14 03 00 00       call 8048e44 <phase_6>
8048b30:      e8 99 06 00 00       call 80491ce <phase_defused>
8048b35:      b8 00 00 00 00       mov $0x0,%eax
8048b3a:      83 c4 10       add $0x10,%esp
8048b3d:      59       pop %ecx
8048b3e:      5b       pop %ebx
8048b3f:      5d       pop %ebp
8048b40:      8d 61 fc       lea 0xfffffffc(%ecx),%esp
8048b43:      c3       ret
8048b44:      90       nop
8048b45:      90       nop
8048b46:      90       nop
8048b47:      90       nop
8048b48:      90       nop
8048b49:      90       nop
8048b4a:      90       nop
8048b4b:      90       nop
8048b4c:      90       nop
8048b4d:      90       nop
8048b4e:      90       nop
8048b4f:      90       nop

08048b50 <func4>:
8048b50:      55       push %ebp
8048b51:      89 e5      mov %esp,%ebp
8048b53:      53       push %ebx
8048b54:      83 ec 04       sub $0x4,%esp
8048b57:      8b 5d 08       mov 0x8(%ebp),%ebx
8048b5a:      b8 01 00 00 00       mov $0x1,%eax
8048b5f:      83 fb 01       cmp $0x1,%ebx
8048b62:      7e 0e      jle 8048b72 <func4+0x22>
8048b64:      8d 43 ff       lea 0xffffffff(%ebx),%eax
8048b67:      89 04 24       mov %eax,(%esp)
8048b6a:      e8 e1 ff ff ff       call 8048b50 <func4>
8048b6f:      0f af c3       imul %ebx,%eax
8048b72:      83 c4 04       add $0x4,%esp
8048b75:      5b       pop %ebx
8048b76:      5d       pop %ebp
8048b77:      c3       ret

08048b78 <fun6>:
8048b78:      55       push %ebp
8048b79:      89 e5      mov %esp,%ebp
8048b7b:      56       push %esi
8048b7c:      53       push %ebx
8048b7d:      8b 4d 08       mov 0x8(%ebp),%ecx
8048b80:      8b 59 08       mov 0x8(%ecx),%ebx
8048b83:      c7 41 08 00 00 00 00       movl $0x0,0x8(%ecx)
8048b8a:      89 ce      mov %ecx,%esi
8048b8c:      89 c8      mov %ecx,%eax
8048b8e:      89 ca      mov %ecx,%edx
8048b90:      85 db      test %ebx,%ebx
8048b92:      75 2a      jne 8048bbe <fun6+0x46>
8048b94:      eb 34      jmp 8048bca <fun6+0x52>
8048b96:      89 d0      mov %edx,%eax
8048b98:      8b 52 08       mov 0x8(%edx),%edx
8048b9b:      85 d2      test %edx,%edx
8048b9d:      74 04      je 8048ba3 <fun6+0x2b>
8048b9f:      39 0a      cmp %ecx,(%edx)
8048ba1:      7f f3      jg 8048b96 <fun6+0x1e>
8048ba3:      39 d0      cmp %edx,%eax
8048ba5:      75 04      jne 8048bab <fun6+0x33>
8048ba7:      89 de      mov %ebx,%esi
8048ba9:      eb 03      jmp 8048bae <fun6+0x36>
8048bab:      89 58 08       mov %ebx,0x8(%eax)
8048bae:      8b 43 08       mov 0x8(%ebx),%eax
8048bb1:      89 53 08       mov %edx,0x8(%ebx)
8048bb4:      89 c3      mov %eax,%ebx
8048bb6:      89 f2      mov %esi,%edx
8048bb8:      89 f0      mov %esi,%eax
8048bba:      85 db      test %ebx,%ebx
8048bbc:      74 0c      je 8048bca <fun6+0x52>
8048bbe:      85 d2      test %edx,%edx
8048bc0:      74 e1      je 8048ba3 <fun6+0x2b>
8048bc2:      8b 0b      mov (%ebx),%ecx
8048bc4:      39 0a      cmp %ecx,(%edx)
8048bc6:      7f ce      jg 8048b96 <fun6+0x1e>
8048bc8:      eb d9      jmp 8048ba3 <fun6+0x2b>
8048bca:      89 f0      mov %esi,%eax
8048bcc:      5b       pop %ebx
8048bcd:      5e       pop %esi
8048bce:      5d       pop %ebp
8048bcf:      90       nop
8048bd0:      c3       ret

08048bd1 <fun7>:
8048bd1:      55       push %ebp
8048bd2:      89 e5      mov %esp,%ebp
8048bd4:      53       push %ebx
8048bd5:      83 ec 08       sub $0x8,%esp
8048bd8:      8b 5d 08       mov 0x8(%ebp),%ebx
8048bdb:      8b 4d 0c       mov 0xc(%ebp),%ecx
8048bde:      b8 ff ff ff ff       mov $0xffffffff,%eax
8048be3:      85 db      test %ebx,%ebx
8048be5:      74 35      je 8048c1c <fun7+0x4b>
8048be7:      8b 13      mov (%ebx),%edx
8048be9:      39 ca      cmp %ecx,%edx
8048beb:      7e 13      jle 8048c00 <fun7+0x2f>
8048bed:      89 4c 24 04      mov %ecx,0x4(%esp)
8048bf1:      8b 43 04       mov 0x4(%ebx),%eax
8048bf4:      89 04 24       mov %eax,(%esp)
8048bf7:      e8 d5 ff ff ff       call 8048bd1 <fun7>
8048bfc:      01 c0      add %eax,%eax
8048bfe:      eb 1c      jmp 8048c1c <fun7+0x4b>
8048c00:      b8 00 00 00 00       mov $0x0,%eax
8048c05:      39 ca      cmp %ecx,%edx
8048c07:      74 13      je 8048c1c <fun7+0x4b>
8048c09:      89 4c 24 04      mov %ecx,0x4(%esp)
8048c0d:      8b 43 08       mov 0x8(%ebx),%eax
8048c10:      89 04 24       mov %eax,(%esp)
8048c13:      e8 b9 ff ff ff       call 8048bd1 <fun7>
8048c18:      8d 44 00 01      lea 0x1(%eax,%eax,1),%eax
8048c1c:      83 c4 08       add $0x8,%esp
8048c1f:      5b       pop %ebx
8048c20:      5d       pop %ebp
8048c21:      c3       ret

08048c22 <secret_phase>:
8048c22:      55       push %ebp
8048c23:      89 e5      mov %esp,%ebp
8048c25:      53       push %ebx
8048c26:      83 ec 14       sub $0x14,%esp
8048c29:      e8 56 07 00 00       call 8049384 <read_line>
8048c2e:      c7 44 24 0c 00 00 00       movl $0x0,0xc(%esp)
8048c35:      00
8048c36:      c7 44 24 08 0a 00 00       movl $0xa,0x8(%esp)
8048c3d:      00
8048c3e:      c7 44 24 04 00 00 00       movl $0x0,0x4(%esp)
8048c45:      00
8048c46:      89 04 24       mov %eax,(%esp)
8048c49:      e8 2e fb ff ff       call 804877c <__strtol_internal@plt>
8048c4e:      89 c3      mov %eax,%ebx
8048c50:      8d 40 ff       lea 0xffffffff(%eax),%eax
8048c53:      3d e8 03 00 00       cmp $0x3e8,%eax
8048c58:      76 05      jbe 8048c5f <secret_phase+0x3d>
8048c5a:      e8 19 06 00 00       call 8049278 <explode_bomb>
8048c5f:      89 5c 24 04      mov %ebx,0x4(%esp)
8048c63:      c7 04 24 74 ba 04 08       movl $0x804ba74,(%esp)
8048c6a:      e8 62 ff ff ff       call 8048bd1 <fun7>
8048c6f:      83 f8 02       cmp $0x2,%eax
8048c72:      74 05      je 8048c79 <secret_phase+0x57>
8048c74:      e8 ff 05 00 00       call 8049278 <explode_bomb>
8048c79:      c7 04 24 e8 98 04 08       movl $0x80498e8,(%esp)
8048c80:      e8 37 fc ff ff       call 80488bc <puts@plt>
8048c85:      e8 44 05 00 00       call 80491ce <phase_defused>
8048c8a:      83 c4 14       add $0x14,%esp
8048c8d:      5b       pop %ebx
8048c8e:      5d       pop %ebp
8048c8f:      c3       ret

08048c90 <phase_5>:
8048c90:      55       push %ebp
8048c91:      89 e5      mov %esp,%ebp
8048c93:      53       push %ebx
8048c94:      83 ec 04       sub $0x4,%esp
8048c97:      8b 5d 08       mov 0x8(%ebp),%ebx
8048c9a:      89 1c 24       mov %ebx,(%esp)
8048c9d:      e8 fe 01 00 00       call 8048ea0 <string_length>
8048ca2:      83 f8 06       cmp $0x6,%eax
8048ca5:      74 05      je 8048cac <phase_5+0x1c>
8048ca7:      e8 cc 05 00 00       call 8049278 <explode_bomb>
8048cac:      ba 00 00 00 00       mov $0x0,%edx
8048cb1:      b9 00 00 00 00       mov $0x0,%ecx
8048cb6:      0f be 04 1a      movsbl (%edx,%ebx,1),%eax
8048cba:      83 e0 0f       and $0xf,%eax
8048cbd:      03 0c 85 60 99 04 08       add 0x8049960(,%eax,4),%ecx
8048cc4:      83 c2 01       add $0x1,%edx
8048cc7:      83 fa 06       cmp $0x6,%edx
8048cca:      75 ea      jne 8048cb6 <phase_5+0x26>
8048ccc:      83 f9 23       cmp $0x23,%ecx
8048ccf:      74 05      je 8048cd6 <phase_5+0x46>
8048cd1:      e8 a2 05 00 00       call 8049278 <explode_bomb>
8048cd6:      83 c4 04       add $0x4,%esp
8048cd9:      5b       pop %ebx
8048cda:      5d       pop %ebp
8048cdb:      c3       ret

08048cdc <phase_4>:
8048cdc:      55       push %ebp
8048cdd:      89 e5      mov %esp,%ebp
8048cdf:      83 ec 28       sub $0x28,%esp
8048ce2:      8d 45 fc       lea 0xfffffffc(%ebp),%eax
8048ce5:      89 44 24 08      mov %eax,0x8(%esp)
8048ce9:      c7 44 24 04 24 9b 04       movl $0x8049b24,0x4(%esp)
8048cf0:      08
8048cf1:      8b 45 08       mov 0x8(%ebp),%eax
8048cf4:      89 04 24       mov %eax,(%esp)
8048cf7:      e8 d0 fb ff ff       call 80488cc <sscanf@plt>
8048cfc:      83 f8 01       cmp $0x1,%eax
8048cff:      75 06      jne 8048d07 <phase_4+0x2b>
8048d01:      83 7d fc 00      cmpl $0x0,0xfffffffc(%ebp)
8048d05:      7f 05      jg 8048d0c <phase_4+0x30>
8048d07:      e8 6c 05 00 00       call 8049278 <explode_bomb>
8048d0c:      8b 45 fc       mov 0xfffffffc(%ebp),%eax
8048d0f:      89 04 24       mov %eax,(%esp)
8048d12:      e8 39 fe ff ff       call 8048b50 <func4>
8048d17:      3d 80 89 05 00       cmp $0x58980,%eax
8048d1c:      74 05      je 8048d23 <phase_4+0x47>
8048d1e:      e8 55 05 00 00       call 8049278 <explode_bomb>
8048d23:      c9       leave
8048d24:      c3       ret

08048d25 <phase_3>:
8048d25:      55       push %ebp
8048d26:      89 e5      mov %esp,%ebp
8048d28:      83 ec 28       sub $0x28,%esp
8048d2b:      8d 45 f8       lea 0xfffffff8(%ebp),%eax
8048d2e:      89 44 24 0c      mov %eax,0xc(%esp)
8048d32:      8d 45 fc       lea 0xfffffffc(%ebp),%eax
8048d35:      89 44 24 08      mov %eax,0x8(%esp)
8048d39:      c7 44 24 04 21 9b 04       movl $0x8049b21,0x4(%esp)
8048d40:      08
8048d41:      8b 45 08       mov 0x8(%ebp),%eax
8048d44:      89 04 24       mov %eax,(%esp)
8048d47:      e8 80 fb ff ff       call 80488cc <sscanf@plt>
8048d4c:      83 f8 01       cmp $0x1,%eax
8048d4f:      7f 05      jg 8048d56 <phase_3+0x31>
8048d51:      e8 22 05 00 00       call 8049278 <explode_bomb>
8048d56:      83 7d fc 07      cmpl $0x7,0xfffffffc(%ebp)
8048d5a:      77 4d      ja 8048da9 <phase_3+0x84>
8048d5c:      8b 45 fc       mov 0xfffffffc(%ebp),%eax
8048d5f:      90       nop
8048d60:      ff 24 85 40 99 04 08       jmp *0x8049940(,%eax,4)
8048d67:      b8 8c 00 00 00       mov $0x8c,%eax
8048d6c:      8d 74 26 00      lea 0x0(%esi),%esi
8048d70:      eb 48      jmp 8048dba <phase_3+0x95>
8048d72:      b8 0e 01 00 00       mov $0x10e,%eax
8048d77:      eb 41      jmp 8048dba <phase_3+0x95>
8048d79:      b8 76 03 00 00       mov $0x376,%eax
8048d7e:      66 90      xchg %ax,%ax
8048d80:      eb 38      jmp 8048dba <phase_3+0x95>
8048d82:      b8 c5 02 00 00       mov $0x2c5,%eax
8048d87:      eb 31      jmp 8048dba <phase_3+0x95>
8048d89:      b8 b8 00 00 00       mov $0xb8,%eax
8048d8e:      66 90      xchg %ax,%ax
8048d90:      eb 28      jmp 8048dba <phase_3+0x95>
8048d92:      b8 57 01 00 00       mov $0x157,%eax
8048d97:      eb 21      jmp 8048dba <phase_3+0x95>
8048d99:      b8 12 02 00 00       mov $0x212,%eax
8048d9e:      66 90      xchg %ax,%ax
8048da0:      eb 18      jmp 8048dba <phase_3+0x95>
8048da2:      b8 f3 02 00 00       mov $0x2f3,%eax
8048da7:      eb 11      jmp 8048dba <phase_3+0x95>
8048da9:      8d b4 26 00 00 00 00       lea 0x0(%esi),%esi
8048db0:      e8 c3 04 00 00       call 8049278 <explode_bomb>
8048db5:      b8 00 00 00 00       mov $0x0,%eax
8048dba:      3b 45 f8       cmp 0xfffffff8(%ebp),%eax
8048dbd:      74 05      je 8048dc4 <phase_3+0x9f>
8048dbf:      e8 b4 04 00 00       call 8049278 <explode_bomb>
8048dc4:      c9       leave
8048dc5:      c3       ret

08048dc6 <phase_2>:
8048dc6:      55       push %ebp
8048dc7:      89 e5      mov %esp,%ebp
8048dc9:      83 ec 38       sub $0x38,%esp
8048dcc:      89 5d f4       mov %ebx,0xfffffff4(%ebp)
8048dcf:      89 75 f8       mov %esi,0xfffffff8(%ebp)
8048dd2:      89 7d fc       mov %edi,0xfffffffc(%ebp)
8048dd5:      8d 45 dc       lea 0xffffffdc(%ebp),%eax
8048dd8:      89 44 24 04      mov %eax,0x4(%esp)
8048ddc:      8b 45 08       mov 0x8(%ebp),%eax
8048ddf:      89 04 24       mov %eax,(%esp)
8048de2:      e8 d3 04 00 00       call 80492ba <read_six_numbers>
8048de7:      bf 00 00 00 00       mov $0x0,%edi
8048dec:      8d 5d e8       lea 0xffffffe8(%ebp),%ebx
8048def:      89 de      mov %ebx,%esi
8048df1:      8b 43 f4       mov 0xfffffff4(%ebx),%eax
8048df4:      3b 03      cmp (%ebx),%eax
8048df6:      74 05      je 8048dfd <phase_2+0x37>
8048df8:      e8 7b 04 00 00       call 8049278 <explode_bomb>
8048dfd:      03 7e f4       add 0xfffffff4(%esi),%edi
8048e00:      83 c3 04       add $0x4,%ebx
8048e03:      8d 45 f4       lea 0xfffffff4(%ebp),%eax
8048e06:      39 c3      cmp %eax,%ebx
8048e08:      75 e5      jne 8048def <phase_2+0x29>
8048e0a:      85 ff      test %edi,%edi
8048e0c:      75 05      jne 8048e13 <phase_2+0x4d>
8048e0e:      e8 65 04 00 00       call 8049278 <explode_bomb>
8048e13:      8b 5d f4       mov 0xfffffff4(%ebp),%ebx
8048e16:      8b 75 f8       mov 0xfffffff8(%ebp),%esi
8048e19:      8b 7d fc       mov 0xfffffffc(%ebp),%edi
8048e1c:      89 ec      mov %ebp,%esp
8048e1e:      5d       pop %ebp
8048e1f:      c3       ret

08048e20 <phase_1>:
8048e20:      55       push %ebp
8048e21:      89 e5      mov %esp,%ebp
8048e23:      83 ec 08       sub $0x8,%esp
8048e26:      c7 44 24 04 10 99 04       movl $0x8049910,0x4(%esp)
8048e2d:      08
8048e2e:      8b 45 08       mov 0x8(%ebp),%eax
8048e31:      89 04 24       mov %eax,(%esp)
8048e34:      e8 87 00 00 00       call 8048ec0 <strings_not_equal>
8048e39:      85 c0      test %eax,%eax
8048e3b:      74 05      je 8048e42 <phase_1+0x22>
8048e3d:      e8 36 04 00 00       call 8049278 <explode_bomb>
8048e42:      c9       leave
8048e43:      c3       ret

08048e44 <phase_6>:
8048e44:      55       push %ebp
8048e45:      89 e5      mov %esp,%ebp
8048e47:      53       push %ebx
8048e48:      83 ec 14       sub $0x14,%esp
8048e4b:      c7 44 24 0c 00 00 00       movl $0x0,0xc(%esp)
8048e52:      00
8048e53:      c7 44 24 08 0a 00 00       movl $0xa,0x8(%esp)
8048e5a:      00
8048e5b:      c7 44 24 04 00 00 00       movl $0x0,0x4(%esp)
8048e62:      00
8048e63:      8b 45 08       mov 0x8(%ebp),%eax
8048e66:      89 04 24       mov %eax,(%esp)
8048e69:      e8 0e f9 ff ff       call 804877c <__strtol_internal@plt>
8048e6e:      89 c3      mov %eax,%ebx
8048e70:      c7 04 24 c0 b9 04 08       movl $0x804b9c0,(%esp)
8048e77:      e8 fc fc ff ff       call 8048b78 <fun6>
8048e7c:      8b 40 08       mov 0x8(%eax),%eax
8048e7f:      8b 40 08       mov 0x8(%eax),%eax
8048e82:      8b 40 08       mov 0x8(%eax),%eax
8048e85:      8b 40 08       mov 0x8(%eax),%eax
8048e88:      8b 40 08       mov 0x8(%eax),%eax
8048e8b:      3b 18      cmp (%eax),%ebx
8048e8d:      74 05      je 8048e94 <phase_6+0x50>
8048e8f:      e8 e4 03 00 00       call 8049278 <explode_bomb>
8048e94:      83 c4 14       add $0x14,%esp
8048e97:      5b       pop %ebx
8048e98:      5d       pop %ebp
8048e99:      c3       ret
8048e9a:      90       nop
8048e9b:      90       nop
8048e9c:      90       nop
8048e9d:      90       nop
8048e9e:      90       nop
8048e9f:      90       nop

08048ea0 <string_length>:
8048ea0:      55       push %ebp
8048ea1:      89 e5      mov %esp,%ebp
8048ea3:      8b 55 08       mov 0x8(%ebp),%edx
8048ea6:      b8 00 00 00 00       mov $0x0,%eax
8048eab:      80 3a 00       cmpb $0x0,(%edx)
8048eae:      74 0e      je 8048ebe <string_length+0x1e>
8048eb0:      b8 00 00 00 00       mov $0x0,%eax
8048eb5:      83 c0 01       add $0x1,%eax
8048eb8:      80 3c 10 00      cmpb $0x0,(%eax,%edx,1)
8048ebc:      75 f7      jne 8048eb5 <string_length+0x15>
8048ebe:      5d       pop %ebp
8048ebf:      c3       ret

08048ec0 <strings_not_equal>:
8048ec0:      55       push %ebp
8048ec1:      89 e5      mov %esp,%ebp
8048ec3:      57       push %edi
8048ec4:      56       push %esi
8048ec5:      53       push %ebx
8048ec6:      83 ec 04       sub $0x4,%esp
8048ec9:      8b 75 08       mov 0x8(%ebp),%esi
8048ecc:      8b 7d 0c       mov 0xc(%ebp),%edi
8048ecf:      89 34 24       mov %esi,(%esp)
8048ed2:      e8 c9 ff ff ff       call 8048ea0 <string_length>
8048ed7:      89 c3      mov %eax,%ebx
8048ed9:      89 3c 24       mov %edi,(%esp)
8048edc:      e8 bf ff ff ff       call 8048ea0 <string_length>
8048ee1:      39 c3      cmp %eax,%ebx
8048ee3:      75 29      jne 8048f0e <strings_not_equal+0x4e>
8048ee5:      0f b6 06       movzbl (%esi),%eax
8048ee8:      84 c0      test %al,%al
8048eea:      74 29      je 8048f15 <strings_not_equal+0x55>
8048eec:      89 f1      mov %esi,%ecx
8048eee:      89 fa      mov %edi,%edx
8048ef0:      3a 07      cmp (%edi),%al
8048ef2:      74 10      je 8048f04 <strings_not_equal+0x44>
8048ef4:      eb 18      jmp 8048f0e <strings_not_equal+0x4e>
8048ef6:      0f b6 42 01      movzbl 0x1(%edx),%eax
8048efa:      83 c1 01       add $0x1,%ecx
8048efd:      83 c2 01       add $0x1,%edx
8048f00:      38 c3      cmp %al,%bl
8048f02:      75 0a      jne 8048f0e <strings_not_equal+0x4e>
8048f04:      0f b6 59 01      movzbl 0x1(%ecx),%ebx
8048f08:      84 db      test %bl,%bl
8048f0a:      75 ea      jne 8048ef6 <strings_not_equal+0x36>
8048f0c:      eb 07      jmp 8048f15 <strings_not_equal+0x55>
8048f0e:      b8 01 00 00 00       mov $0x1,%eax
8048f13:      eb 05      jmp 8048f1a <strings_not_equal+0x5a>
8048f15:      b8 00 00 00 00       mov $0x0,%eax
8048f1a:      83 c4 04       add $0x4,%esp
8048f1d:      5b       pop %ebx
8048f1e:      5e       pop %esi
8048f1f:      5f       pop %edi
8048f20:      5d       pop %ebp
8048f21:      c3       ret

08048f22 <send_msg>:
8048f22:      55       push %ebp
8048f23:      89 e5      mov %esp,%ebp
8048f25:      57       push %edi
8048f26:      56       push %esi
8048f27:      53       push %ebx
8048f28:      81 ec 9c 00 00 00      sub $0x9c,%esp
8048f2e:      c7 04 24 00 00 00 00       movl $0x0,(%esp)
8048f35:      e8 c2 f8 ff ff       call 80487fc <dup@plt>
8048f3a:      89 45 80       mov %eax,0xffffff80(%ebp)
8048f3d:      83 f8 ff       cmp $0xffffffff,%eax
8048f40:      75 18      jne 8048f5a <send_msg+0x38>
8048f42:      c7 04 24 a0 99 04 08       movl $0x80499a0,(%esp)
8048f49:      e8 6e f9 ff ff       call 80488bc <puts@plt>
8048f4e:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8048f55:      e8 a2 f9 ff ff       call 80488fc <exit@plt>
8048f5a:      c7 04 24 00 00 00 00       movl $0x0,(%esp)
8048f61:      e8 e6 f8 ff ff       call 804884c <close@plt>
8048f66:      83 f8 ff       cmp $0xffffffff,%eax
8048f69:      75 18      jne 8048f83 <send_msg+0x61>
8048f6b:      c7 04 24 b4 99 04 08       movl $0x80499b4,(%esp)
8048f72:      e8 45 f9 ff ff       call 80488bc <puts@plt>
8048f77:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8048f7e:      e8 79 f9 ff ff       call 80488fc <exit@plt>
8048f83:      e8 14 f8 ff ff       call 804879c <tmpfile@plt>
8048f88:      89 c7      mov %eax,%edi
8048f8a:      85 c0      test %eax,%eax
8048f8c:      75 18      jne 8048fa6 <send_msg+0x84>
8048f8e:      c7 04 24 c7 99 04 08       movl $0x80499c7,(%esp)
8048f95:      e8 22 f9 ff ff       call 80488bc <puts@plt>
8048f9a:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8048fa1:      e8 56 f9 ff ff       call 80488fc <exit@plt>
8048fa6:      89 44 24 0c      mov %eax,0xc(%esp)
8048faa:      c7 44 24 08 1b 00 00       movl $0x1b,0x8(%esp)
8048fb1:      00
8048fb2:      c7 44 24 04 01 00 00       movl $0x1,0x4(%esp)
8048fb9:      00
8048fba:      c7 04 24 dc 99 04 08       movl $0x80499dc,(%esp)
8048fc1:      e8 96 f8 ff ff       call 804885c <fwrite@plt>
8048fc6:      89 7c 24 04      mov %edi,0x4(%esp)
8048fca:      c7 04 24 0a 00 00 00       movl $0xa,(%esp)
8048fd1:      e8 c6 f8 ff ff       call 804889c <fputc@plt>
8048fd6:      c7 04 24 00 00 00 00       movl $0x0,(%esp)
8048fdd:      e8 9a f8 ff ff       call 804887c <cuserid@plt>
8048fe2:      85 c0      test %eax,%eax
8048fe4:      75 13      jne 8048ff9 <send_msg+0xd7>
8048fe6:      c7 45 90 6e 6f 62 6f       movl $0x6f626f6e,0xffffff90(%ebp)
8048fed:      66 c7 45 94 64 79      movw $0x7964,0xffffff94(%ebp)
8048ff3:      c6 45 96 00      movb $0x0,0xffffff96(%ebp)
8048ff7:      eb 0f      jmp 8049008 <send_msg+0xe6>
8048ff9:      89 44 24 04      mov %eax,0x4(%esp)
8048ffd:      8d 45 90       lea 0xffffff90(%ebp),%eax
8049000:      89 04 24       mov %eax,(%esp)
8049003:      e8 24 f8 ff ff       call 804882c <strcpy@plt>
8049008:      a1 30 bc 04 08       mov 0x804bc30,%eax
804900d:      ba bd 9b 04 08       mov $0x8049bbd,%edx
8049012:      83 7d 08 00      cmpl $0x0,0x8(%ebp)
8049016:      75 05      jne 804901d <send_msg+0xfb>
8049018:      ba f8 99 04 08       mov $0x80499f8,%edx
804901d:      89 44 24 18      mov %eax,0x18(%esp)
8049021:      89 54 24 14      mov %edx,0x14(%esp)
8049025:      8d 45 90       lea 0xffffff90(%ebp),%eax
8049028:      89 44 24 10      mov %eax,0x10(%esp)
804902c:      a1 40 b5 04 08       mov 0x804b540,%eax
8049031:      89 44 24 0c      mov %eax,0xc(%esp)
8049035:      c7 44 24 08 60 b5 04       movl $0x804b560,0x8(%esp)
804903c:      08
804903d:      c7 44 24 04 01 9a 04       movl $0x8049a01,0x4(%esp)
8049044:      08
8049045:      89 3c 24       mov %edi,(%esp)
8049048:      e8 1f f8 ff ff       call 804886c <fprintf@plt>
804904d:      83 3d 30 bc 04 08 00       cmpl $0x0,0x804bc30
8049054:      7e 48      jle 804909e <send_msg+0x17c>
8049056:      be 40 bc 04 08       mov $0x804bc40,%esi
804905b:      bb 00 00 00 00       mov $0x0,%ebx
8049060:      83 c3 01       add $0x1,%ebx
8049063:      89 74 24 18      mov %esi,0x18(%esp)
8049067:      89 5c 24 14      mov %ebx,0x14(%esp)
804906b:      8d 45 90       lea 0xffffff90(%ebp),%eax
804906e:      89 44 24 10      mov %eax,0x10(%esp)
8049072:      a1 40 b5 04 08       mov 0x804b540,%eax
8049077:      89 44 24 0c      mov %eax,0xc(%esp)
804907b:      c7 44 24 08 60 b5 04       movl $0x804b560,0x8(%esp)
8049082:      08
8049083:      c7 44 24 04 1d 9a 04       movl $0x8049a1d,0x4(%esp)
804908a:      08
804908b:      89 3c 24       mov %edi,(%esp)
804908e:      e8 d9 f7 ff ff       call 804886c <fprintf@plt>
8049093:      83 c6 64       add $0x64,%esi
8049096:      39 1d 30 bc 04 08      cmp %ebx,0x804bc30
804909c:      7f c2      jg 8049060 <send_msg+0x13e>
804909e:      89 3c 24       mov %edi,(%esp)
80490a1:      e8 96 f6 ff ff       call 804873c <rewind@plt>
80490a6:      c7 44 24 10 39 9a 04       movl $0x8049a39,0x10(%esp)
80490ad:      08
80490ae:      c7 44 24 0c 4b 9a 04       movl $0x8049a4b,0xc(%esp)
80490b5:      08
80490b6:      c7 44 24 08 53 9a 04       movl $0x8049a53,0x8(%esp)
80490bd:      08
80490be:      c7 44 24 04 6a 9a 04       movl $0x8049a6a,0x4(%esp)
80490c5:      08
80490c6:      c7 04 24 20 c4 04 08       movl $0x804c420,(%esp)
80490cd:      e8 2a f6 ff ff       call 80486fc <sprintf@plt>
80490d2:      c7 04 24 20 c4 04 08       movl $0x804c420,(%esp)
80490d9:      e8 7e f6 ff ff       call 804875c <system@plt>
80490de:      85 c0      test %eax,%eax
80490e0:      74 18      je 80490fa <send_msg+0x1d8>
80490e2:      c7 04 24 73 9a 04 08       movl $0x8049a73,(%esp)
80490e9:      e8 ce f7 ff ff       call 80488bc <puts@plt>
80490ee:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
80490f5:      e8 02 f8 ff ff       call 80488fc <exit@plt>
80490fa:      89 3c 24       mov %edi,(%esp)
80490fd:      e8 da f6 ff ff       call 80487dc <fclose@plt>
8049102:      85 c0      test %eax,%eax
8049104:      74 18      je 804911e <send_msg+0x1fc>
8049106:      c7 04 24 8d 9a 04 08       movl $0x8049a8d,(%esp)
804910d:      e8 aa f7 ff ff       call 80488bc <puts@plt>
8049112:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8049119:      e8 de f7 ff ff       call 80488fc <exit@plt>
804911e:      8b 45 80       mov 0xffffff80(%ebp),%eax
8049121:      89 04 24       mov %eax,(%esp)
8049124:      e8 d3 f6 ff ff       call 80487fc <dup@plt>
8049129:      85 c0      test %eax,%eax
804912b:      74 18      je 8049145 <send_msg+0x223>
804912d:      c7 04 24 a6 9a 04 08       movl $0x8049aa6,(%esp)
8049134:      e8 83 f7 ff ff       call 80488bc <puts@plt>
8049139:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8049140:      e8 b7 f7 ff ff       call 80488fc <exit@plt>
8049145:      8b 45 80       mov 0xffffff80(%ebp),%eax
8049148:      89 04 24       mov %eax,(%esp)
804914b:      e8 fc f6 ff ff       call 804884c <close@plt>
8049150:      85 c0      test %eax,%eax
8049152:      74 18      je 804916c <send_msg+0x24a>
8049154:      c7 04 24 c1 9a 04 08       movl $0x8049ac1,(%esp)
804915b:      e8 5c f7 ff ff       call 80488bc <puts@plt>
8049160:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8049167:      e8 90 f7 ff ff       call 80488fc <exit@plt>
804916c:      c7 44 24 04 d8 9a 04       movl $0x8049ad8,0x4(%esp)
8049173:      08
8049174:      c7 04 24 bc 9b 04 08       movl $0x8049bbc,(%esp)
804917b:      e8 8c f6 ff ff       call 804880c <fopen@plt>
8049180:      89 c3      mov %eax,%ebx
8049182:      a1 34 bc 04 08       mov 0x804bc34,%eax
8049187:      89 44 24 08      mov %eax,0x8(%esp)
804918b:      c7 44 24 04 24 9b 04       movl $0x8049b24,0x4(%esp)
8049192:      08
8049193:      89 1c 24       mov %ebx,(%esp)
8049196:      e8 d1 f6 ff ff       call 804886c <fprintf@plt>
804919b:      89 5c 24 0c      mov %ebx,0xc(%esp)
804919f:      c7 44 24 08 39 00 00       movl $0x39,0x8(%esp)
80491a6:      00
80491a7:      c7 44 24 04 01 00 00       movl $0x1,0x4(%esp)
80491ae:      00
80491af:      c7 04 24 b8 a1 04 08       movl $0x804a1b8,(%esp)
80491b6:      e8 a1 f6 ff ff       call 804885c <fwrite@plt>
80491bb:      89 1c 24       mov %ebx,(%esp)
80491be:      e8 19 f6 ff ff       call 80487dc <fclose@plt>
80491c3:      81 c4 9c 00 00 00      add $0x9c,%esp
80491c9:      5b       pop %ebx
80491ca:      5e       pop %esi
80491cb:      5f       pop %edi
80491cc:      5d       pop %ebp
80491cd:      c3       ret

080491ce <phase_defused>:
80491ce:      55       push %ebp
80491cf:      89 e5      mov %esp,%ebp
80491d1:      53       push %ebx
80491d2:      81 ec 84 00 00 00      sub $0x84,%esp
80491d8:      a1 30 bc 04 08       mov 0x804bc30,%eax
80491dd:      3b 05 34 bc 04 08      cmp 0x804bc34,%eax
80491e3:      7e 11      jle 80491f6 <phase_defused+0x28>
80491e5:      a3 34 bc 04 08       mov %eax,0x804bc34
80491ea:      c7 04 24 01 00 00 00       movl $0x1,(%esp)
80491f1:      e8 2c fd ff ff       call 8048f22 <send_msg>
80491f6:      83 3d 30 bc 04 08 06       cmpl $0x6,0x804bc30
80491fd:      75 70      jne 804926f <phase_defused+0xa1>
80491ff:      8d 5d 98       lea 0xffffff98(%ebp),%ebx
8049202:      89 5c 24 0c      mov %ebx,0xc(%esp)
8049206:      8d 45 94       lea 0xffffff94(%ebp),%eax
8049209:      89 44 24 08      mov %eax,0x8(%esp)
804920d:      c7 44 24 04 da 9a 04       movl $0x8049ada,0x4(%esp)
8049214:      08
8049215:      c7 04 24 6c bd 04 08       movl $0x804bd6c,(%esp)
804921c:      e8 ab f6 ff ff       call 80488cc <sscanf@plt>
8049221:      83 f8 02       cmp $0x2,%eax
8049224:      75 31      jne 8049257 <phase_defused+0x89>
8049226:      c7 44 24 04 e0 9a 04       movl $0x8049ae0,0x4(%esp)
804922d:      08
804922e:      89 1c 24       mov %ebx,(%esp)
8049231:      e8 8a fc ff ff       call 8048ec0 <strings_not_equal>
8049236:      85 c0      test %eax,%eax
8049238:      75 1d      jne 8049257 <phase_defused+0x89>
804923a:      c7 04 24 f4 a1 04 08       movl $0x804a1f4,(%esp)
8049241:      e8 76 f6 ff ff       call 80488bc <puts@plt>
8049246:      c7 04 24 1c a2 04 08       movl $0x804a21c,(%esp)
804924d:      e8 6a f6 ff ff       call 80488bc <puts@plt>
8049252:      e8 cb f9 ff ff       call 8048c22 <secret_phase>
8049257:      c7 04 24 54 a2 04 08       movl $0x804a254,(%esp)
804925e:      e8 59 f6 ff ff       call 80488bc <puts@plt>
8049263:      c7 04 24 80 a2 04 08       movl $0x804a280,(%esp)
804926a:      e8 4d f6 ff ff       call 80488bc <puts@plt>
804926f:      81 c4 84 00 00 00      add $0x84,%esp
8049275:      5b       pop %ebx
8049276:      5d       pop %ebp
8049277:      c3       ret

08049278 <explode_bomb>:
8049278:      55       push %ebp
8049279:      89 e5      mov %esp,%ebp
804927b:      83 ec 08       sub $0x8,%esp
804927e:      c7 04 24 f5 9a 04 08       movl $0x8049af5,(%esp)
8049285:      e8 32 f6 ff ff       call 80488bc <puts@plt>
804928a:      c7 04 24 fe 9a 04 08       movl $0x8049afe,(%esp)
8049291:      e8 26 f6 ff ff       call 80488bc <puts@plt>
8049296:      c7 04 24 00 00 00 00       movl $0x0,(%esp)
804929d:      e8 80 fc ff ff       call 8048f22 <send_msg>
80492a2:      c7 04 24 c4 a2 04 08       movl $0x804a2c4,(%esp)
80492a9:      e8 0e f6 ff ff       call 80488bc <puts@plt>
80492ae:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
80492b5:      e8 42 f6 ff ff       call 80488fc <exit@plt>

080492ba <read_six_numbers>:
80492ba:      55       push %ebp
80492bb:      89 e5      mov %esp,%ebp
80492bd:      83 ec 28       sub $0x28,%esp
80492c0:      8b 55 0c       mov 0xc(%ebp),%edx
80492c3:      8d 42 14       lea 0x14(%edx),%eax
80492c6:      89 44 24 1c      mov %eax,0x1c(%esp)
80492ca:      8d 42 10       lea 0x10(%edx),%eax
80492cd:      89 44 24 18      mov %eax,0x18(%esp)
80492d1:      8d 42 0c       lea 0xc(%edx),%eax
80492d4:      89 44 24 14      mov %eax,0x14(%esp)
80492d8:      8d 42 08       lea 0x8(%edx),%eax
80492db:      89 44 24 10      mov %eax,0x10(%esp)
80492df:      8d 42 04       lea 0x4(%edx),%eax
80492e2:      89 44 24 0c      mov %eax,0xc(%esp)
80492e6:      89 54 24 08      mov %edx,0x8(%esp)
80492ea:      c7 44 24 04 15 9b 04       movl $0x8049b15,0x4(%esp)
80492f1:      08
80492f2:      8b 45 08       mov 0x8(%ebp),%eax
80492f5:      89 04 24       mov %eax,(%esp)
80492f8:      e8 cf f5 ff ff       call 80488cc <sscanf@plt>
80492fd:      83 f8 05       cmp $0x5,%eax
8049300:      7f 05      jg 8049307 <read_six_numbers+0x4d>
8049302:      e8 71 ff ff ff       call 8049278 <explode_bomb>
8049307:      c9       leave
8049308:      c3       ret

08049309 <blank_line>:
8049309:      55       push %ebp
804930a:      89 e5      mov %esp,%ebp
804930c:      56       push %esi
804930d:      53       push %ebx
804930e:      8b 75 08       mov 0x8(%ebp),%esi
8049311:      eb 1b      jmp 804932e <blank_line+0x25>
8049313:      e8 b4 f4 ff ff       call 80487cc <__ctype_b_loc@plt>
8049318:      0f be d3       movsbl %bl,%edx
804931b:      8b 00      mov (%eax),%eax
804931d:      f6 44 50 01 20       testb $0x20,0x1(%eax,%edx,2)
8049322:      75 07      jne 804932b <blank_line+0x22>
8049324:      b8 00 00 00 00       mov $0x0,%eax
8049329:      eb 0f      jmp 804933a <blank_line+0x31>
804932b:      83 c6 01       add $0x1,%esi
804932e:      0f b6 1e       movzbl (%esi),%ebx
8049331:      84 db      test %bl,%bl
8049333:      75 de      jne 8049313 <blank_line+0xa>
8049335:      b8 01 00 00 00       mov $0x1,%eax
804933a:      5b       pop %ebx
804933b:      5e       pop %esi
804933c:      5d       pop %ebp
804933d:      c3       ret

0804933e <skip>:
804933e:      55       push %ebp
804933f:      89 e5      mov %esp,%ebp
8049341:      53       push %ebx
8049342:      83 ec 14       sub $0x14,%esp
8049345:      a1 38 bc 04 08       mov 0x804bc38,%eax
804934a:      89 44 24 08      mov %eax,0x8(%esp)
804934e:      c7 44 24 04 64 00 00       movl $0x64,0x4(%esp)
8049355:      00
8049356:      6b 05 30 bc 04 08 64       imul $0x64,0x804bc30,%eax
804935d:      05 40 bc 04 08       add $0x804bc40,%eax
8049362:      89 04 24       mov %eax,(%esp)
8049365:      e8 02 f4 ff ff       call 804876c <fgets@plt>
804936a:      89 c3      mov %eax,%ebx
804936c:      85 c0      test %eax,%eax
804936e:      74 0c      je 804937c <skip+0x3e>
8049370:      89 04 24       mov %eax,(%esp)
8049373:      e8 91 ff ff ff       call 8049309 <blank_line>
8049378:      85 c0      test %eax,%eax
804937a:      75 c9      jne 8049345 <skip+0x7>
804937c:      89 d8      mov %ebx,%eax
804937e:      83 c4 14       add $0x14,%esp
8049381:      5b       pop %ebx
8049382:      5d       pop %ebp
8049383:      c3       ret

08049384 <read_line>:
8049384:      55       push %ebp
8049385:      89 e5      mov %esp,%ebp
8049387:      57       push %edi
8049388:      83 ec 04       sub $0x4,%esp
804938b:      e8 ae ff ff ff       call 804933e <skip>
8049390:      85 c0      test %eax,%eax
8049392:      75 60      jne 80493f4 <read_line+0x70>
8049394:      a1 38 bc 04 08       mov 0x804bc38,%eax
8049399:      3b 05 20 bc 04 08      cmp 0x804bc20,%eax
804939f:      75 13      jne 80493b4 <read_line+0x30>
80493a1:      c7 04 24 27 9b 04 08       movl $0x8049b27,(%esp)
80493a8:      e8 0f f5 ff ff       call 80488bc <puts@plt>
80493ad:      e8 c6 fe ff ff       call 8049278 <explode_bomb>
80493b2:      eb 40      jmp 80493f4 <read_line+0x70>
80493b4:      c7 04 24 45 9b 04 08       movl $0x8049b45,(%esp)
80493bb:      e8 8c f3 ff ff       call 804874c <getenv@plt>
80493c0:      85 c0      test %eax,%eax
80493c2:      74 0c      je 80493d0 <read_line+0x4c>
80493c4:      c7 04 24 00 00 00 00       movl $0x0,(%esp)
80493cb:      e8 2c f5 ff ff       call 80488fc <exit@plt>
80493d0:      a1 20 bc 04 08       mov 0x804bc20,%eax
80493d5:      a3 38 bc 04 08       mov %eax,0x804bc38
80493da:      e8 5f ff ff ff       call 804933e <skip>
80493df:      85 c0      test %eax,%eax
80493e1:      75 11      jne 80493f4 <read_line+0x70>
80493e3:      c7 04 24 27 9b 04 08       movl $0x8049b27,(%esp)
80493ea:      e8 cd f4 ff ff       call 80488bc <puts@plt>
80493ef:      e8 84 fe ff ff       call 8049278 <explode_bomb>
80493f4:      6b 05 30 bc 04 08 64       imul $0x64,0x804bc30,%eax
80493fb:      8d b8 40 bc 04 08      lea 0x804bc40(%eax),%edi
8049401:      fc       cld
8049402:      b9 ff ff ff ff       mov $0xffffffff,%ecx
8049407:      b8 00 00 00 00       mov $0x0,%eax
804940c:      f2 ae      repnz scas %es:(%edi),%al
804940e:      f7 d1      not %ecx
8049410:      8d 79 ff       lea 0xffffffff(%ecx),%edi
8049413:      83 ff 63       cmp $0x63,%edi
8049416:      75 11      jne 8049429 <read_line+0xa5>
8049418:      c7 04 24 50 9b 04 08       movl $0x8049b50,(%esp)
804941f:      e8 98 f4 ff ff       call 80488bc <puts@plt>
8049424:      e8 4f fe ff ff       call 8049278 <explode_bomb>
8049429:      8b 15 30 bc 04 08      mov 0x804bc30,%edx
804942f:      6b c2 64       imul $0x64,%edx,%eax
8049432:      05 40 bc 04 08       add $0x804bc40,%eax
8049437:      c6 44 38 ff 00       movb $0x0,0xffffffff(%eax,%edi,1)
804943c:      83 c2 01       add $0x1,%edx
804943f:      89 15 30 bc 04 08      mov %edx,0x804bc30
8049445:      83 c4 04       add $0x4,%esp
8049448:      5f       pop %edi
8049449:      5d       pop %ebp
804944a:      c3       ret

0804944b <invalid_phase>:
804944b:      55       push %ebp
804944c:      89 e5      mov %esp,%ebp
804944e:      83 ec 08       sub $0x8,%esp
8049451:      8b 45 08       mov 0x8(%ebp),%eax
8049454:      89 44 24 04      mov %eax,0x4(%esp)
8049458:      c7 04 24 6b 9b 04 08       movl $0x8049b6b,(%esp)
804945f:      e8 d8 f3 ff ff       call 804883c <printf@plt>
8049464:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
804946b:      e8 8c f4 ff ff       call 80488fc <exit@plt>

08049470 <sig_handler>:
8049470:      55       push %ebp
8049471:      89 e5      mov %esp,%ebp
8049473:      83 ec 08       sub $0x8,%esp
8049476:      c7 04 24 e8 a2 04 08       movl $0x804a2e8,(%esp)
804947d:      e8 3a f4 ff ff       call 80488bc <puts@plt>
8049482:      c7 04 24 03 00 00 00       movl $0x3,(%esp)
8049489:      e8 1e f4 ff ff       call 80488ac <sleep@plt>
804948e:      c7 04 24 7c 9b 04 08       movl $0x8049b7c,(%esp)
8049495:      e8 a2 f3 ff ff       call 804883c <printf@plt>
804949a:      a1 24 bc 04 08       mov 0x804bc24,%eax
804949f:      89 04 24       mov %eax,(%esp)
80494a2:      e8 05 f3 ff ff       call 80487ac <fflush@plt>
80494a7:      c7 04 24 01 00 00 00       movl $0x1,(%esp)
80494ae:      e8 f9 f3 ff ff       call 80488ac <sleep@plt>
80494b3:      c7 04 24 84 9b 04 08       movl $0x8049b84,(%esp)
80494ba:      e8 fd f3 ff ff       call 80488bc <puts@plt>
80494bf:      c7 04 24 10 00 00 00       movl $0x10,(%esp)
80494c6:      e8 31 f4 ff ff       call 80488fc <exit@plt>

080494cb <open_clientfd>:
80494cb:      55       push %ebp
80494cc:      89 e5      mov %esp,%ebp
80494ce:      83 ec 28       sub $0x28,%esp
80494d1:      89 5d f4       mov %ebx,0xfffffff4(%ebp)
80494d4:      89 75 f8       mov %esi,0xfffffff8(%ebp)
80494d7:      89 7d fc       mov %edi,0xfffffffc(%ebp)
80494da:      8b 7d 0c       mov 0xc(%ebp),%edi
80494dd:      c7 44 24 08 00 00 00       movl $0x0,0x8(%esp)
80494e4:      00
80494e5:      c7 44 24 04 01 00 00       movl $0x1,0x4(%esp)
80494ec:      00
80494ed:      c7 04 24 02 00 00 00       movl $0x2,(%esp)
80494f4:      e8 c3 f2 ff ff       call 80487bc <socket@plt>
80494f9:      89 c6      mov %eax,%esi
80494fb:      85 c0      test %eax,%eax
80494fd:      79 18      jns 8049517 <open_clientfd+0x4c>
80494ff:      c7 04 24 8c 9b 04 08       movl $0x8049b8c,(%esp)
8049506:      e8 b1 f3 ff ff       call 80488bc <puts@plt>
804950b:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
8049512:      e8 e5 f3 ff ff       call 80488fc <exit@plt>
8049517:      8b 45 08       mov 0x8(%ebp),%eax
804951a:      89 04 24       mov %eax,(%esp)
804951d:      e8 ca f3 ff ff       call 80488ec <gethostbyname@plt>
8049522:      89 c1      mov %eax,%ecx
8049524:      85 c0      test %eax,%eax
8049526:      75 18      jne 8049540 <open_clientfd+0x75>
8049528:      c7 04 24 9a 9b 04 08       movl $0x8049b9a,(%esp)
804952f:      e8 88 f3 ff ff       call 80488bc <puts@plt>
8049534:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
804953b:      e8 bc f3 ff ff       call 80488fc <exit@plt>
8049540:      8d 5d e4       lea 0xffffffe4(%ebp),%ebx
8049543:      c7 45 e4 00 00 00 00       movl $0x0,0xffffffe4(%ebp)
804954a:      c7 45 e8 00 00 00 00       movl $0x0,0xffffffe8(%ebp)
8049551:      c7 45 ec 00 00 00 00       movl $0x0,0xffffffec(%ebp)
8049558:      c7 45 f0 00 00 00 00       movl $0x0,0xfffffff0(%ebp)
804955f:      66 c7 45 e4 02 00      movw $0x2,0xffffffe4(%ebp)
8049565:      8d 55 e8       lea 0xffffffe8(%ebp),%edx
8049568:      8b 40 0c       mov 0xc(%eax),%eax
804956b:      89 44 24 08      mov %eax,0x8(%esp)
804956f:      89 54 24 04      mov %edx,0x4(%esp)
8049573:      8b 41 10       mov 0x10(%ecx),%eax
8049576:      8b 00      mov (%eax),%eax
8049578:      89 04 24       mov %eax,(%esp)
804957b:      e8 6c f2 ff ff       call 80487ec <bcopy@plt>
8049580:      89 f8      mov %edi,%eax
8049582:      66 c1 c8 08      ror $0x8,%ax
8049586:      66 89 45 e6      mov %ax,0xffffffe6(%ebp)
804958a:      c7 44 24 08 10 00 00       movl $0x10,0x8(%esp)
8049591:      00
8049592:      89 5c 24 04      mov %ebx,0x4(%esp)
8049596:      89 34 24       mov %esi,(%esp)
8049599:      e8 6e f1 ff ff       call 804870c <connect@plt>
804959e:      85 c0      test %eax,%eax
80495a0:      79 18      jns 80495ba <open_clientfd+0xef>
80495a2:      c7 04 24 a8 9b 04 08       movl $0x8049ba8,(%esp)
80495a9:      e8 0e f3 ff ff       call 80488bc <puts@plt>
80495ae:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
80495b5:      e8 42 f3 ff ff       call 80488fc <exit@plt>
80495ba:      89 f0      mov %esi,%eax
80495bc:      8b 5d f4       mov 0xfffffff4(%ebp),%ebx
80495bf:      8b 75 f8       mov 0xfffffff8(%ebp),%esi
80495c2:      8b 7d fc       mov 0xfffffffc(%ebp),%edi
80495c5:      89 ec      mov %ebp,%esp
80495c7:      5d       pop %ebp
80495c8:      c3       ret

080495c9 <initialize_bomb>:
80495c9:      55       push %ebp
80495ca:      89 e5      mov %esp,%ebp
80495cc:      53       push %ebx
80495cd:      83 ec 54       sub $0x54,%esp
80495d0:      c7 44 24 04 b2 99 04       movl $0x80499b2,0x4(%esp)
80495d7:      08
80495d8:      c7 04 24 bc 9b 04 08       movl $0x8049bbc,(%esp)
80495df:      e8 28 f2 ff ff       call 804880c <fopen@plt>
80495e4:      89 c3      mov %eax,%ebx
80495e6:      85 c0      test %eax,%eax
80495e8:      75 3e      jne 8049628 <initialize_bomb+0x5f>
80495ea:      c7 04 24 b6 9b 04 08       movl $0x8049bb6,(%esp)
80495f1:      e8 66 f1 ff ff       call 804875c <system@plt>
80495f6:      c7 44 24 04 b2 99 04       movl $0x80499b2,0x4(%esp)
80495fd:      08
80495fe:      c7 04 24 bc 9b 04 08       movl $0x8049bbc,(%esp)
8049605:      e8 02 f2 ff ff       call 804880c <fopen@plt>
804960a:      89 c3      mov %eax,%ebx
804960c:      85 c0      test %eax,%eax
804960e:      75 18      jne 8049628 <initialize_bomb+0x5f>
8049610:      c7 04 24 c5 9b 04 08       movl $0x8049bc5,(%esp)
8049617:      e8 a0 f2 ff ff       call 80488bc <puts@plt>
804961c:      c7 04 24 01 00 00 00       movl $0x1,(%esp)
8049623:      e8 d4 f2 ff ff       call 80488fc <exit@plt>
8049628:      89 1c 24       mov %ebx,(%esp)
804962b:      e8 ec f1 ff ff       call 804881c <feof@plt>
8049630:      85 c0      test %eax,%eax
8049632:      75 29      jne 804965d <initialize_bomb+0x94>
8049634:      c7 44 24 08 34 bc 04       movl $0x804bc34,0x8(%esp)
804963b:      08
804963c:      c7 44 24 04 24 9b 04       movl $0x8049b24,0x4(%esp)
8049643:      08
8049644:      89 1c 24       mov %ebx,(%esp)
8049647:      e8 90 f2 ff ff       call 80488dc <fscanf@plt>
804964c:      85 c0      test %eax,%eax
804964e:      0f 9e c0       setle %al
8049651:      0f b6 c0       movzbl %al,%eax
8049654:      83 e8 01       sub $0x1,%eax
8049657:      21 05 34 bc 04 08      and %eax,0x804bc34
804965d:      89 1c 24       mov %ebx,(%esp)
8049660:      e8 77 f1 ff ff       call 80487dc <fclose@plt>
8049665:      c7 44 24 04 70 94 04       movl $0x8049470,0x4(%esp)
804966c:      08
804966d:      c7 04 24 02 00 00 00       movl $0x2,(%esp)
8049674:      e8 a3 f0 ff ff       call 804871c <signal@plt>
8049679:      c7 44 24 04 40 00 00       movl $0x40,0x4(%esp)
8049680:      00
8049681:      8d 45 bc       lea 0xffffffbc(%ebp),%eax
8049684:      89 04 24       mov %eax,(%esp)
8049687:      e8 00 f2 ff ff       call 804888c <gethostname@plt>
804968c:      85 c0      test %eax,%eax
804968e:      74 18      je 80496a8 <initialize_bomb+0xdf>
8049690:      c7 04 24 d9 9b 04 08       movl $0x8049bd9,(%esp)
8049697:      e8 20 f2 ff ff       call 80488bc <puts@plt>
804969c:      c7 04 24 08 00 00 00       movl $0x8,(%esp)
80496a3:      e8 54 f2 ff ff       call 80488fc <exit@plt>
80496a8:      c7 44 24 04 50 00 00       movl $0x50,0x4(%esp)
80496af:      00
80496b0:      c7 04 24 e6 9b 04 08       movl $0x8049be6,(%esp)
80496b7:      e8 0f fe ff ff       call 80494cb <open_clientfd>
80496bc:      89 04 24       mov %eax,(%esp)
80496bf:      e8 88 f1 ff ff       call 804884c <close@plt>
80496c4:      83 c4 54       add $0x54,%esp
80496c7:      5b       pop %ebx
80496c8:      5d       pop %ebp
80496c9:      c3       ret
80496ca:      90       nop
80496cb:      90       nop
80496cc:      90       nop
80496cd:      90       nop
80496ce:      90       nop
80496cf:      90       nop

080496d0 <__libc_csu_fini>:
80496d0:      55       push %ebp
80496d1:      89 e5      mov %esp,%ebp
80496d3:      5d       pop %ebp
80496d4:      c3       ret
80496d5:      8d 74 26 00      lea 0x0(%esi),%esi
80496d9:      8d bc 27 00 00 00 00       lea 0x0(%edi),%edi

080496e0 <__libc_csu_init>:
80496e0:      55       push %ebp
80496e1:      89 e5      mov %esp,%ebp
80496e3:      57       push %edi
80496e4:      56       push %esi
80496e5:      53       push %ebx
80496e6:      e8 5e 00 00 00       call 8049749 <__i686.get_pc_thunk.bx>
80496eb:      81 c3 89 1d 00 00      add $0x1d89,%ebx
80496f1:      83 ec 1c       sub $0x1c,%esp
80496f4:      e8 db ef ff ff       call 80486d4 <_init>
80496f9:      8d 83 20 ff ff ff      lea 0xffffff20(%ebx),%eax
80496ff:      89 45 f0       mov %eax,0xfffffff0(%ebp)
8049702:      8d 83 20 ff ff ff      lea 0xffffff20(%ebx),%eax
8049708:      29 45 f0       sub %eax,0xfffffff0(%ebp)
804970b:      c1 7d f0 02      sarl $0x2,0xfffffff0(%ebp)
804970f:      8b 55 f0       mov 0xfffffff0(%ebp),%edx
8049712:      85 d2      test %edx,%edx
8049714:      74 2b      je 8049741 <__libc_csu_init+0x61>
8049716:      31 ff      xor %edi,%edi
8049718:      89 c6      mov %eax,%esi
804971a:      8d b6 00 00 00 00      lea 0x0(%esi),%esi
8049720:      8b 45 10       mov 0x10(%ebp),%eax
8049723:      83 c7 01       add $0x1,%edi
8049726:      89 44 24 08      mov %eax,0x8(%esp)
804972a:      8b 45 0c       mov 0xc(%ebp),%eax
804972d:      89 44 24 04      mov %eax,0x4(%esp)
8049731:      8b 45 08       mov 0x8(%ebp),%eax
8049734:      89 04 24       mov %eax,(%esp)
8049737:      ff 16      call *(%esi)
8049739:      83 c6 04       add $0x4,%esi
804973c:      39 7d f0       cmp %edi,0xfffffff0(%ebp)
804973f:      75 df      jne 8049720 <__libc_csu_init+0x40>
8049741:      83 c4 1c       add $0x1c,%esp
8049744:      5b       pop %ebx
8049745:      5e       pop %esi
8049746:      5f       pop %edi
8049747:      5d       pop %ebp
8049748:      c3       ret

08049749 <__i686.get_pc_thunk.bx>:
8049749:      8b 1c 24       mov (%esp),%ebx
804974c:      c3       ret
804974d:      90       nop
804974e:      90       nop
804974f:      90       nop

08049750 <__do_global_ctors_aux>:
8049750:      55       push %ebp
8049751:      89 e5      mov %esp,%ebp
8049753:      53       push %ebx
8049754:      bb 94 b3 04 08       mov $0x804b394,%ebx
8049759:      83 ec 04       sub $0x4,%esp
804975c:      a1 94 b3 04 08       mov 0x804b394,%eax
8049761:      83 f8 ff       cmp $0xffffffff,%eax
8049764:      74 0c      je 8049772 <__do_global_ctors_aux+0x22>
8049766:      83 eb 04       sub $0x4,%ebx
8049769:      ff d0      call *%eax
804976b:      8b 03      mov (%ebx),%eax
804976d:      83 f8 ff       cmp $0xffffffff,%eax
8049770:      75 f4      jne 8049766 <__do_global_ctors_aux+0x16>
8049772:      83 c4 04       add $0x4,%esp
8049775:      5b       pop %ebx
8049776:      5d       pop %ebp
8049777:      c3       ret
Disassembly of section .fini:

08049778 <_fini>:
8049778:      55       push %ebp
8049779:      89 e5      mov %esp,%ebp
804977b:      53       push %ebx
804977c:      83 ec 04       sub $0x4,%esp
804977f:      e8 00 00 00 00       call 8049784 <_fini+0xc>
8049784:      5b       pop %ebx
8049785:      81 c3 f0 1c 00 00      add $0x1cf0,%ebx
804978b:      e8 d0 f1 ff ff       call 8048960 <__do_global_dtors_aux>
8049790:      59       pop %ecx
8049791:      5b       pop %ebx
8049792:      c9       leave
8049793:      c3       ret

tomis385

ASKER

another thing that is interesting is
8049231: e8 8a fc ff ff call 8048ec0 <strings_not_equal>
which is in <phase_defused> function.

If I can't get it figured out before the end of tuesday night, i'll have to move on because i have to many things to do. i really am interested in figuring it out!

Infinity08

>> another thing that is interesting is
>> 8049231: e8 8a fc ff ff call 8048ec0 <strings_not_equal>
>> which is in <phase_defused> function.

Yes, that call is indeed interesting :)

Since you probably want to find this yourself, I'll just give some indicators ... If I'm too vague, then tell me, and I'll try to be a bit more explicit ;)

This call in the phase_defused method, as you no doubt found, gets you to the secret_phase :

8049252: e8 cb f9 ff ff call 8048c22 <secret_phase>

In order to get to that line, this jump can not be made :

8049238: 75 1d jne 8049257 <phase_defused+0x89>

whether or not the jump is made depends on the result of this call :

8049231: e8 8a fc ff ff call 8048ec0 <strings_not_equal>

Like this, you continue to work your way backwards until you arrive at the "decision" point - the point where you can make a difference (give some input).

In the end, it comes down to :

1) completing the first 6 phases
2) giving the right input to get to the secret phase
3) complete the secret phase

Does this help you further ?

tomis385

ASKER

I am now in the <secret_phase>
I can't get past this
8048c6f: 83 f8 02 cmp $0x2,%eax
I need <fun 7> to return a 2, so i can pass the above cmp and defuse the secret_phase.
so far once in secret_phase I have typed in these numbers.
35 which returns a 6 to %eax
7 return 4
47 return 5
99 returns 3
107 returns 3

I am about to give up. At this point I would like to know what value will return a 2 so I can pass that cmp in secret_phase and defuse. let me know also how it is done as well as the value. thanks.

Infinity08

>> I am now in the <secret_phase>

nice :)

>> At this point I would like to know what value will return a 2 so I can pass that cmp in secret_phase and defuse.

You're giving up ? You got this far - I'm sure the rest isn't more difficult.

What does the address 0x804ba74 contain ?

Infinity08

>> What does the address 0x804ba74 contain ?

Without these values, I can't really derive the value ;)

tomis385

ASKER

the value in address 0x804ba74 is 36

Infinity08

>> the value in address 0x804ba74 is 36

And the next two values ? At 0x804ba78 and 0x804ba7c

Infinity08

>> And the next two values ? At 0x804ba78 and 0x804ba7c

And the ones after that too ;)

tomis385

ASKER

0x804ba78 is 8
0x804ba7c is 50
0x804ba80 in hex 0x312d6174
0x804ba84 in hex is 0x6174616b

tomis385

ASKER

k i found the number. the number is 20 and that defuses it. I don't really understand it. it's funny, i just got lucky. can you walk me through why fun7 returns 2 if i pass in 20 into
8048c49: e8 2e fb ff ff call 804877c <__strtol_internal@plt>
in the secret_phase.
thanks.

tomis385

ASKER

what i mean is....

after i pass in 20 into
8048c49: e8 2e fb ff ff call 804877c <__strtol_internal@plt>
$eax is returned a number. then after a decrement of one it passes
8048c53: 3d e8 03 00 00 cmp $0x3e8,%eax // compare to 1000
then we enter <fun7> and after returning from that function $eax returns 2 which passes the next compare, then it's defused. luckly after trying some numbers to try to find a pattern i selected the right one. there was no pattern that i could see.
what i know is that fun7 is looping. i would like to know what the algorithm is doing and if you would be so kind as to show me the C equivalent.
thanks.