Solved

binary bomb phase 3

Posted on 2009-05-15
Last Modified: 2012-05-07
I am having trouble with these two lines:

# Compares the 32-bit stack slot at -0x4(%ebp) with 7; only the flags change.
0x08048ef2 <phase_3+49>:        cmpl   $0x7,-0x4(%ebp)
# ja is "jump if above", an unsigned test: it is taken when the slot holds a
# value greater than 7, and also for negative values, which compare as large
# unsigned numbers. The target, phase_3+160, is a call to explode_bomb in the
# full disassembly further down this page.
0x08048ef6 <phase_3+53>:        ja     0x8048f61 <phase_3+160>


I'm not sure what the first line does... it looks like it compares something to 7. I am afraid the bomb is going to blow up if I don't understand it. Can someone help?
This GDB was configured as "i486-linux-gnu"...

(gdb) break *0x08048ee8

Breakpoint 1 at 0x8048ee8

(gdb) break *0x08048f6b

Breakpoint 2 at 0x8048f6b

(gdb) break *0x08048f71

Breakpoint 3 at 0x8048f71

(gdb) break *0x08048ef2

Breakpoint 4 at 0x8048ef2

(gdb) break *0x08048eed

Breakpoint 5 at 0x8048eed

(gdb) break *0x08048f61

Breakpoint 6 at 0x8048f61

(gdb) break *0x08048f76

Breakpoint 7 at 0x8048f76
 

Breakpoint 1, 0x08048ee8 in phase_3 ()

Current language:  auto; currently asm

(gdb) disas

Dump of assembler code for function phase_3:

# phase_3, 32-bit x86 in AT&T syntax (source operand first), as printed by gdb.
# Visible flow:
#   1. sscanf parses the input string into two stack slots, -0x4(%ebp) and
#      -0x8(%ebp); fewer than two conversions calls explode_bomb.
#   2. The first slot is bounds-checked (unsigned, <= 7) and used as an index
#      into a jump table at 0x8049a00.
#   3. The selected entry point loads %eax and falls through a chain of
#      add/sub steps.
#   4. The first slot must also be <= 5 (signed) and %eax must equal the
#      second slot, otherwise explode_bomb is called.
# Standard frame setup; 0x28 bytes reserved for locals and outgoing arguments.
0x08048ec1 <phase_3+0>: push   %ebp

0x08048ec2 <phase_3+1>: mov    %esp,%ebp

0x08048ec4 <phase_3+3>: sub    $0x28,%esp

# Fourth sscanf argument: address of the slot at -0x8(%ebp).
0x08048ec7 <phase_3+6>: lea    -0x8(%ebp),%eax

0x08048eca <phase_3+9>: mov    %eax,0xc(%esp)

# Third sscanf argument: address of the slot at -0x4(%ebp).
0x08048ece <phase_3+13>:        lea    -0x4(%ebp),%eax

0x08048ed1 <phase_3+16>:        mov    %eax,0x8(%esp)

# Second sscanf argument: format string at 0x8049be5. Its contents are not
# shown in this dump; presumably two integer conversions, since both slots
# are later compared as 32-bit values -- TODO confirm by inspecting the string.
0x08048ed5 <phase_3+20>:        movl   $0x8049be5,0x4(%esp)

# First sscanf argument: phase_3's own first argument (the string to parse).
0x08048edd <phase_3+28>:        mov    0x8(%ebp),%eax

0x08048ee0 <phase_3+31>:        mov    %eax,(%esp)

0x08048ee3 <phase_3+34>:        call   0x80489d4 <sscanf@plt>

# sscanf's return value is in %eax. Signed "greater than 1" skips the
# explode_bomb call below, so at least two items must have been converted.
0x08048ee8 <phase_3+39>:        cmp    $0x1,%eax

0x08048eeb <phase_3+42>:        jg     0x8048ef2 <phase_3+49>

0x08048eed <phase_3+44>:        call   0x8049351 <explode_bomb>

# Bounds check on the first parsed value before it is used as a table index.
# ja is an unsigned test, so it rejects values above 7 and also negative
# values, which compare as large unsigned numbers; a signed jg here would let
# a negative index read memory in front of the table.
0x08048ef2 <phase_3+49>:        cmpl   $0x7,-0x4(%ebp)

0x08048ef6 <phase_3+53>:        ja     0x8048f61 <phase_3+160>

# Indirect jump through the 4-byte entry at 0x8049a00 + 4*index (index 0..7
# after the check above). The table contents are not part of this dump, so
# which index selects which entry point below cannot be told from here.
0x08048ef8 <phase_3+55>:        mov    -0x4(%ebp),%eax

0x08048efb <phase_3+58>:        jmp    *0x8049a00(,%eax,4)

# Entry points: each loads a starting value into %eax and jumps into the
# add/sub chain at a different depth, skipping the earlier steps.
0x08048f02 <phase_3+65>:        mov    $0x0,%eax

0x08048f07 <phase_3+70>:        jmp    0x8048f5a <phase_3+153>

0x08048f09 <phase_3+72>:        mov    $0x0,%eax

# xchg %ax,%ax swaps a register with itself (no effect); presumably
# alignment padding.
0x08048f0e <phase_3+77>:        xchg   %ax,%ax

0x08048f10 <phase_3+79>:        jmp    0x8048f55 <phase_3+148>

0x08048f12 <phase_3+81>:        mov    $0x0,%eax

0x08048f17 <phase_3+86>:        jmp    0x8048f50 <phase_3+143>

0x08048f19 <phase_3+88>:        mov    $0x0,%eax

0x08048f1e <phase_3+93>:        xchg   %ax,%ax

0x08048f20 <phase_3+95>:        jmp    0x8048f4b <phase_3+138>

0x08048f22 <phase_3+97>:        mov    $0x0,%eax

0x08048f27 <phase_3+102>:       jmp    0x8048f48 <phase_3+135>

0x08048f29 <phase_3+104>:       mov    $0x0,%eax

0x08048f2e <phase_3+109>:       xchg   %ax,%ax

0x08048f30 <phase_3+111>:       jmp    0x8048f43 <phase_3+130>

# The only entry point that starts from a non-zero value.
0x08048f32 <phase_3+113>:       mov    $0x304,%eax

0x08048f37 <phase_3+118>:       jmp    0x8048f3e <phase_3+125>

# This entry point falls straight into the top of the chain.
0x08048f39 <phase_3+120>:       mov    $0x0,%eax

# Fall-through arithmetic chain: every step from the point of entry down to
# phase_3+153 is applied to %eax in order.
0x08048f3e <phase_3+125>:       sub    $0x3ba,%eax

0x08048f43 <phase_3+130>:       add    $0x134,%eax

0x08048f48 <phase_3+135>:       sub    $0x74,%eax

0x08048f4b <phase_3+138>:       add    $0x118,%eax

0x08048f50 <phase_3+143>:       sub    $0x308,%eax

0x08048f55 <phase_3+148>:       add    $0x308,%eax

0x08048f5a <phase_3+153>:       sub    $0xa4,%eax

# Skip the out-of-range handler and go to the final checks.
0x08048f5f <phase_3+158>:       jmp    0x8048f6b <phase_3+170>

# Target of the ja at phase_3+53: first value failed the unsigned <= 7 check.
# The mov that follows only matters if explode_bomb returns.
0x08048f61 <phase_3+160>:       call   0x8049351 <explode_bomb>

0x08048f66 <phase_3+165>:       mov    $0x0,%eax

# Second range check on the first value, this time signed: anything greater
# than 5 goes to explode_bomb, so 6 and 7 pass the jump-table check but fail here.
0x08048f6b <phase_3+170>:       cmpl   $0x5,-0x4(%ebp)

---Type <return> to continue, or q <return> to quit---

0x08048f6f <phase_3+174>:       jg     0x8048f76 <phase_3+181>

# The value computed in %eax must equal the second parsed value.
0x08048f71 <phase_3+176>:       cmp    -0x8(%ebp),%eax

0x08048f74 <phase_3+179>:       je     0x8048f7b <phase_3+186>

0x08048f76 <phase_3+181>:       call   0x8049351 <explode_bomb>

# Tear down the frame and return.
0x08048f7b <phase_3+186>:       leave

# Loads %esi with its own value (no effect); %eiz is the assembler's notation
# for "no index register". Presumably padding.
0x08048f7c <phase_3+187>:       lea    0x0(%esi,%eiz,1),%esi

0x08048f80 <phase_3+191>:       ret

End of assembler dump.

(gdb) info registers

eax            0x2      2

ecx            0x1      1

edx            0xffffff8c       -116

ebx            0xbffff8d4       -1073743660

esp            0xbffff7f0       0xbffff7f0

ebp            0xbffff818       0xbffff818

esi            0xb7ffece0       -1207964448

edi            0x0      0

eip            0x8048ee8        0x8048ee8 <phase_3+39>

eflags         0x286    [ PF SF IF ]

cs             0x73     115

ss             0x7b     123

ds             0x7b     123

es             0x7b     123

fs             0x0      0

gs             0x33     51

(gdb) ni

0x08048eeb in phase_3 ()

(gdb) c

Continuing.
 

Breakpoint 4, 0x08048ef2 in phase_3 ()

(gdb) ni

0x08048ef6 in phase_3 ()

(gdb) info registers

eax            0x2      2

ecx            0x1      1

edx            0xffffff8c       -116

ebx            0xbffff8d4       -1073743660

esp            0xbffff7f0       0xbffff7f0

ebp            0xbffff818       0xbffff818

esi            0xb7ffece0       -1207964448

edi            0x0      0

eip            0x8048ef6        0x8048ef6 <phase_3+53>

eflags         0x297    [ CF PF AF SF IF ]

cs             0x73     115

ss             0x7b     123

ds             0x7b     123

es             0x7b     123

fs             0x0      0

gs             0x33     51

Question by:braker15
1 Comment
 
LVL 1

Accepted Solution

by:
braker15 earned 0 total points
ID: 24401198
figured it out