Solved

binary bomb phase 3

Posted on 2009-05-15
Last Modified: 2012-05-07
I am having trouble with these two lines:

0x08048ef2 <phase_3+49>:        cmpl   $0x7,-0x4(%ebp)
0x08048ef6 <phase_3+53>:        ja     0x8048f61 <phase_3+160>


I'm not sure what the first line does. It looks like it compares something to 7. I'm afraid the bomb is going to blow up if I don't understand it. Can someone help?
This GDB was configured as "i486-linux-gnu"...

(gdb) break *0x08048ee8

Breakpoint 1 at 0x8048ee8

(gdb) break *0x08048f6b

Breakpoint 2 at 0x8048f6b

(gdb) break *0x08048f71

Breakpoint 3 at 0x8048f71

(gdb) break *0x08048ef2

Breakpoint 4 at 0x8048ef2

(gdb) break *0x08048eed

Breakpoint 5 at 0x8048eed

(gdb) break *0x08048f61

Breakpoint 6 at 0x8048f61

(gdb) break *0x08048f76

Breakpoint 7 at 0x8048f76
 

Breakpoint 1, 0x08048ee8 in phase_3 ()

Current language:  auto; currently asm

(gdb) disas

Dump of assembler code for function phase_3:

# phase_3 -- 32-bit x86, AT&T operand order (source, destination), as printed by gdb `disas`.
#
# Flow visible in this dump:
#   1. sscanf(input, fmt, &a, &b) with a stored at -0x4(%ebp) and b at -0x8(%ebp);
#      a return value of 1 or less calls explode_bomb.
#   2. a is bounds-checked (unsigned, must be <= 7) and then used as the index of an
#      indirect jump through a table of 4-byte entries at 0x8049a00.
#   3. The selected entry loads a start value into %eax and enters a fall-through chain
#      of add/sub instructions at some point.
#   4. a must also be <= 5 (signed) and %eax must equal b, otherwise explode_bomb.
#
# Neither the format string at 0x8049be5 nor the table at 0x8049a00 is shown, so the
# conversion specifiers and the index-to-case mapping cannot be read from this dump.
# NOTE(review): presumably the format converts two integers -- confirm by inspecting 0x8049be5.
0x08048ec1 <phase_3+0>: push   %ebp                        # save caller's frame pointer

0x08048ec2 <phase_3+1>: mov    %esp,%ebp                   # establish this function's frame

0x08048ec4 <phase_3+3>: sub    $0x28,%esp                  # reserve 0x28 (40) bytes: locals + outgoing args

0x08048ec7 <phase_3+6>: lea    -0x8(%ebp),%eax             # eax = &b (local at ebp-8)

0x08048eca <phase_3+9>: mov    %eax,0xc(%esp)              # sscanf arg 4 = &b

0x08048ece <phase_3+13>:        lea    -0x4(%ebp),%eax     # eax = &a (local at ebp-4)

0x08048ed1 <phase_3+16>:        mov    %eax,0x8(%esp)      # sscanf arg 3 = &a

0x08048ed5 <phase_3+20>:        movl   $0x8049be5,0x4(%esp)    # sscanf arg 2 = format string address

0x08048edd <phase_3+28>:        mov    0x8(%ebp),%eax      # eax = phase_3's first argument

0x08048ee0 <phase_3+31>:        mov    %eax,(%esp)         # sscanf arg 1 = that argument (the string to parse)

0x08048ee3 <phase_3+34>:        call   0x80489d4 <sscanf@plt>  # eax = number of items converted

0x08048ee8 <phase_3+39>:        cmp    $0x1,%eax           # input validation: were at least 2 items converted?

0x08048eeb <phase_3+42>:        jg     0x8048ef2 <phase_3+49>  # yes (eax > 1, signed): skip the explode call

0x08048eed <phase_3+44>:        call   0x8049351 <explode_bomb>    # fewer than 2 items converted

# The two lines asked about. cmpl sets flags from (a - 7), where a is the 32-bit value
# at -0x4(%ebp). ja is the UNSIGNED "above" test (taken when CF=0 and ZF=0), so the
# branch to explode_bomb is taken for a > 7 and also for any negative a, which is a
# very large number when read as unsigned. This one check therefore restricts a to
# 0..7 before it is used as a table index at +58; a signed test (jg) here would let a
# negative index read an address from outside the table.
# In the register dump taken after the cmpl in this same session CF is set, i.e.
# a < 7 unsigned, so the ja is not taken on that run.
0x08048ef2 <phase_3+49>:        cmpl   $0x7,-0x4(%ebp)

0x08048ef6 <phase_3+53>:        ja     0x8048f61 <phase_3+160>

0x08048ef8 <phase_3+55>:        mov    -0x4(%ebp),%eax     # eax = a (known to be 0..7 here)

0x08048efb <phase_3+58>:        jmp    *0x8049a00(,%eax,4) # indirect jump to the address stored at 0x8049a00 + a*4

# Candidate jump-table targets: each loads a start value into %eax and jumps (or falls)
# into the add/sub chain below at a different depth.
0x08048f02 <phase_3+65>:        mov    $0x0,%eax

0x08048f07 <phase_3+70>:        jmp    0x8048f5a <phase_3+153> # enter chain at the final sub

0x08048f09 <phase_3+72>:        mov    $0x0,%eax

0x08048f0e <phase_3+77>:        xchg   %ax,%ax             # swaps ax with itself: no effect (presumably padding)

0x08048f10 <phase_3+79>:        jmp    0x8048f55 <phase_3+148>

0x08048f12 <phase_3+81>:        mov    $0x0,%eax

0x08048f17 <phase_3+86>:        jmp    0x8048f50 <phase_3+143>

0x08048f19 <phase_3+88>:        mov    $0x0,%eax

0x08048f1e <phase_3+93>:        xchg   %ax,%ax             # no effect (presumably padding)

0x08048f20 <phase_3+95>:        jmp    0x8048f4b <phase_3+138>

0x08048f22 <phase_3+97>:        mov    $0x0,%eax

0x08048f27 <phase_3+102>:       jmp    0x8048f48 <phase_3+135>

0x08048f29 <phase_3+104>:       mov    $0x0,%eax

0x08048f2e <phase_3+109>:       xchg   %ax,%ax             # no effect (presumably padding)

0x08048f30 <phase_3+111>:       jmp    0x8048f43 <phase_3+130>

0x08048f32 <phase_3+113>:       mov    $0x304,%eax         # the only entry that starts from a non-zero value

0x08048f37 <phase_3+118>:       jmp    0x8048f3e <phase_3+125>

0x08048f39 <phase_3+120>:       mov    $0x0,%eax           # no jump: falls straight into the chain at +125

# Fall-through arithmetic chain: execution starts at whichever line the case jumped to
# and runs every instruction from there down to +153, accumulating in %eax.
0x08048f3e <phase_3+125>:       sub    $0x3ba,%eax

0x08048f43 <phase_3+130>:       add    $0x134,%eax

0x08048f48 <phase_3+135>:       sub    $0x74,%eax

0x08048f4b <phase_3+138>:       add    $0x118,%eax

0x08048f50 <phase_3+143>:       sub    $0x308,%eax

0x08048f55 <phase_3+148>:       add    $0x308,%eax

0x08048f5a <phase_3+153>:       sub    $0xa4,%eax

0x08048f5f <phase_3+158>:       jmp    0x8048f6b <phase_3+170> # skip the out-of-range handler

0x08048f61 <phase_3+160>:       call   0x8049351 <explode_bomb>    # target of the ja at +53 (a out of range)

0x08048f66 <phase_3+165>:       mov    $0x0,%eax           # executed only if explode_bomb returns

0x08048f6b <phase_3+170>:       cmpl   $0x5,-0x4(%ebp)     # second, tighter check on a: flags = a - 5

---Type <return> to continue, or q <return> to quit---

0x08048f6f <phase_3+174>:       jg     0x8048f76 <phase_3+181> # a > 5 (signed) -> explode_bomb

0x08048f71 <phase_3+176>:       cmp    -0x8(%ebp),%eax     # compare the computed value with b

0x08048f74 <phase_3+179>:       je     0x8048f7b <phase_3+186> # equal: skip the explode call and return

0x08048f76 <phase_3+181>:       call   0x8049351 <explode_bomb>    # a > 5, or computed value != b

0x08048f7b <phase_3+186>:       leave                      # restore esp/ebp (undo the frame)

0x08048f7c <phase_3+187>:       lea    0x0(%esi,%eiz,1),%esi   # esi = esi + 0: no effect (presumably padding)

0x08048f80 <phase_3+191>:       ret

End of assembler dump.

(gdb) info registers

eax            0x2      2

ecx            0x1      1

edx            0xffffff8c       -116

ebx            0xbffff8d4       -1073743660

esp            0xbffff7f0       0xbffff7f0

ebp            0xbffff818       0xbffff818

esi            0xb7ffece0       -1207964448

edi            0x0      0

eip            0x8048ee8        0x8048ee8 <phase_3+39>

eflags         0x286    [ PF SF IF ]

cs             0x73     115

ss             0x7b     123

ds             0x7b     123

es             0x7b     123

fs             0x0      0

gs             0x33     51

(gdb) ni

0x08048eeb in phase_3 ()

(gdb) c

Continuing.
 

Breakpoint 4, 0x08048ef2 in phase_3 ()

(gdb) ni

0x08048ef6 in phase_3 ()

(gdb) info registers

eax            0x2      2

ecx            0x1      1

edx            0xffffff8c       -116

ebx            0xbffff8d4       -1073743660

esp            0xbffff7f0       0xbffff7f0

ebp            0xbffff818       0xbffff818

esi            0xb7ffece0       -1207964448

edi            0x0      0

eip            0x8048ef6        0x8048ef6 <phase_3+53>

eflags         0x297    [ CF PF AF SF IF ]

cs             0x73     115

ss             0x7b     123

ds             0x7b     123

es             0x7b     123

fs             0x0      0

gs             0x33     51

Question by:braker15

Accepted Solution

by:
braker15 earned 0 total points
ID: 24401198
figured it out