08048544 <compare_password>:
8048544: 55 push %ebp
8048545: 89 e5 mov %esp,%ebp
8048547: 83 ec 38 sub $0x38,%esp
804854a: 8b 45 0c mov 0xc(%ebp),%eax
804854d: 89 45 d4 mov %eax,-0x2c(%ebp)
8048550: 65 a1 14 00 00 00 mov %gs:0x14,%eax
8048556: 89 45 f4 mov %eax,-0xc(%ebp)
8048559: 31 c0 xor %eax,%eax
804855b: c7 45 e4 00 00 00 00 movl $0x0,-0x1c(%ebp)
8048562: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%ebp)
8048569: eb 22 jmp 804858d <compare_password+0x49>
804856b: 8b 45 e0 mov -0x20(%ebp),%eax
804856e: 03 45 d4 add -0x2c(%ebp),%eax
8048571: 0f b6 10 movzbl (%eax),%edx
8048574: 8b 45 e0 mov -0x20(%ebp),%eax
8048577: 05 44 a1 04 08 add $0x804a144,%eax
804857c: 0f b6 00 movzbl (%eax),%eax
804857f: 31 c2 xor %eax,%edx
8048581: 8d 45 ea lea -0x16(%ebp),%eax
8048584: 03 45 e0 add -0x20(%ebp),%eax
8048587: 88 10 mov %dl,(%eax)
8048589: 83 45 e0 01 addl $0x1,-0x20(%ebp)
804858d: 83 7d e0 09 cmpl $0x9,-0x20(%ebp)
8048591: 7e d8 jle 804856b <compare_password+0x27>
8048593: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%ebp)
804859a: eb 2c jmp 80485c8 <compare_password+0x84>
804859c: 8b 55 08 mov 0x8(%ebp),%edx
804859f: 89 d0 mov %edx,%eax
80485a1: c1 e0 02 shl $0x2,%eax
80485a4: 01 d0 add %edx,%eax
80485a6: 01 c0 add %eax,%eax
80485a8: 03 45 e0 add -0x20(%ebp),%eax
80485ab: 05 e0 a0 04 08 add $0x804a0e0,%eax
80485b0: 0f b6 10 movzbl (%eax),%edx
80485b3: 8d 45 ea lea -0x16(%ebp),%eax
80485b6: 03 45 e0 add -0x20(%ebp),%eax
80485b9: 0f b6 00 movzbl (%eax),%eax
80485bc: 38 c2 cmp %al,%dl
80485be: 75 04 jne 80485c4 <compare_password+0x80>
80485c0: 83 45 e4 01 addl $0x1,-0x1c(%ebp)
80485c4: 83 45 e0 01 addl $0x1,-0x20(%ebp)
80485c8: 83 7d e0 09 cmpl $0x9,-0x20(%ebp)
80485cc: 7e ce jle 804859c <compare_password+0x58>
80485ce: 83 7d e4 08 cmpl $0x8,-0x1c(%ebp)
80485d2: 7e 07 jle 80485db <compare_password+0x97>
80485d4: b8 01 00 00 00 mov $0x1,%eax
80485d9: eb 05 jmp 80485e0 <compare_password+0x9c>
80485db: b8 00 00 00 00 mov $0x0,%eax
80485e0: 8b 55 f4 mov -0xc(%ebp),%edx
80485e3: 65 33 15 14 00 00 00 xor %gs:0x14,%edx
80485ea: 74 05 je 80485f1 <compare_password+0xad>
80485ec: e8 2f fe ff ff call 8048420 <__stack_chk_fail@plt>
80485f1: c9 leave
80485f2: c3 ret
080485f3 <main>:
80485f3: 55 push %ebp
80485f4: 89 e5 mov %esp,%ebp
80485f6: 83 e4 f0 and $0xfffffff0,%esp
80485f9: 83 ec 30 sub $0x30,%esp
80485fc: 65 a1 14 00 00 00 mov %gs:0x14,%eax
8048602: 89 44 24 2c mov %eax,0x2c(%esp)
8048606: 31 c0 xor %eax,%eax
8048608: c7 44 24 04 00 00 00 movl $0x0,0x4(%esp)
804860f: 00
8048610: 8d 44 24 10 lea 0x10(%esp),%eax
8048614: 89 04 24 mov %eax,(%esp)
8048617: e8 f4 fd ff ff call 8048410 <gettimeofday@plt>
804861c: 8b 54 24 10 mov 0x10(%esp),%edx
8048620: 8b 44 24 14 mov 0x14(%esp),%eax
8048624: 0f af c2 imul %edx,%eax
8048627: 89 04 24 mov %eax,(%esp)
804862a: e8 21 fe ff ff call 8048450 <srand@plt>
804862f: e8 3c fe ff ff call 8048470 <rand@plt>
8048634: 89 44 24 18 mov %eax,0x18(%esp)
8048638: 8b 4c 24 18 mov 0x18(%esp),%ecx
804863c: ba 67 66 66 66 mov $0x66666667,%edx
8048641: 89 c8 mov %ecx,%eax
8048643: f7 ea imul %edx
8048645: c1 fa 02 sar $0x2,%edx
8048648: 89 c8 mov %ecx,%eax
804864a: c1 f8 1f sar $0x1f,%eax
804864d: 29 c2 sub %eax,%edx
804864f: 89 d0 mov %edx,%eax
8048651: c1 e0 02 shl $0x2,%eax
8048654: 01 d0 add %edx,%eax
8048656: 01 c0 add %eax,%eax
8048658: 89 ca mov %ecx,%edx
804865a: 29 c2 sub %eax,%edx
804865c: 89 d0 mov %edx,%eax
804865e: 89 44 24 18 mov %eax,0x18(%esp)
8048662: 8b 54 24 18 mov 0x18(%esp),%edx
8048666: 89 d0 mov %edx,%eax
8048668: c1 e0 02 shl $0x2,%eax
804866b: 01 d0 add %edx,%eax
804866d: 01 c0 add %eax,%eax
804866f: 8d 90 60 a0 04 08 lea 0x804a060(%eax),%edx
8048675: b8 c0 87 04 08 mov $0x80487c0,%eax
804867a: 89 54 24 04 mov %edx,0x4(%esp)
804867e: 89 04 24 mov %eax,(%esp)
8048681: e8 7a fd ff ff call 8048400 <printf@plt>
8048686: b8 da 87 04 08 mov $0x80487da,%eax
804868b: 8d 54 24 22 lea 0x22(%esp),%edx
804868f: 89 54 24 04 mov %edx,0x4(%esp)
8048693: 89 04 24 mov %eax,(%esp)
8048696: e8 e5 fd ff ff call 8048480 <__isoc99_scanf@plt>
804869b: 8d 44 24 22 lea 0x22(%esp),%eax
804869f: 89 44 24 04 mov %eax,0x4(%esp)
80486a3: 8b 44 24 18 mov 0x18(%esp),%eax
80486a7: 89 04 24 mov %eax,(%esp)
80486aa: e8 95 fe ff ff call 8048544 <compare_password>
80486af: 89 44 24 1c mov %eax,0x1c(%esp)
80486b3: 83 7c 24 1c 01 cmpl $0x1,0x1c(%esp)
80486b8: 75 0e jne 80486c8 <main+0xd5>
80486ba: c7 04 24 dd 87 04 08 movl $0x80487dd,(%esp)
80486c1: e8 6a fd ff ff call 8048430 <puts@plt>
80486c6: eb 0c jmp 80486d4 <main+0xe1>
80486c8: c7 04 24 f2 87 04 08 movl $0x80487f2,(%esp)
80486cf: e8 5c fd ff ff call 8048430 <puts@plt>
80486d4: 8b 54 24 2c mov 0x2c(%esp),%edx
80486d8: 65 33 15 14 00 00 00 xor %gs:0x14,%edx
80486df: 74 05 je 80486e6 <main+0xf3>
80486e1: e8 3a fd ff ff call 8048420 <__stack_chk_fail@plt>
80486e6: c9 leave
80486e7: c3 ret
80486e8: 90 nop
80486e9: 90 nop
80486ea: 90 nop
80486eb: 90 nop
80486ec: 90 nop
80486ed: 90 nop
80486ee: 90 nop
80486ef: 90 nop
Asked
Active
Viewed 1,345 times
-3
Mr_Spock
- 3,815
- 6
- 25
- 33
Arihcg Jar
- 11
- 1
-
1Lol. No but really you should format that correctly. One instruction per line (normal assembly format). And what exactly is your question? "Understand this objdump" is rather vague. – GraphicsMuncher Nov 12 '12 at 03:25
-
We are not machines. We cannot and will not attempt to read your code and adequately accommodate you. Essentially, you didn't even pose a question. – Mr_Spock Nov 12 '12 at 03:27
-
What app are you trying to crack? – geofftnz Nov 12 '12 at 03:29
-
The function looks not too complicated. I guess its a simple cracking tutorial. If you have a question we can help you for sure. – David J Nov 12 '12 at 03:41
-
this was a class project last semester. we had to find passwords in this dump file but i couldn't. so, can someone help. – Arihcg Jar Nov 12 '12 at 03:44
-
You can try to find an equivalent implementation in C. If you have this it will be very soon clear what kind of passwords are accepted. – David J Nov 12 '12 at 03:56
1 Answers
4
Ok, learning assembly code from scratch will take some time and effort, but there's no harm in getting the basics.
Each line of this output contains three parts:
- The offset in the file where that piece of code is (in hex)
- The bytes that make up that piece of code (each in hex, again)
- The assembly language form of that code (basically reverse-translated from the bytes).
You can generally read the flow of the program through the last column. Instructions like JMPs will refer to other locations, which may or may not be nearby in the code. They may be presented in a labelled form like:
jmp 804858d <compare_password+0x49>
That says, jump to offset 0x804858d, so you can find that value in the first column. The label says that this is offset 0x49 after compare_password.
If you don't know what most of the instructions do, well, they mostly move, combine and compare individual words of memory and register. Even when you learn what each code does, understanding what it does in the context of this particular program can be hard. And you generally need to know the location of other important pieces of data when the program will be running to know what the effect will be.
There are lots of resources for learning computer programming at the level of debugging, assembly language and dissassembly, but I will leave it to others to refer you. If you really want to learn, a good way is to write your own simple program in C, and compile it to assembly. Then compare the C and assembly output side-by-side, figuring out how the C statements have been translated into instructions.
Edmund
- 10,533
- 3
- 39
- 57