
I'm trying to get the answer for one of those binary bombs. This is for school so please just help point me in the correct direction, I believe I am close to solving the puzzle.

Here's the piece of assembly I'm stuck on:

```asm
0x080485e9 <+127>:   call   0x8048400 <strtol@plt>
0x080485ee <+132>:   cmp    %eax,0x80498d4(,%ebx,4)
0x080485f5 <+139>:   je     0x80485fc <main+146>
0x080485f7 <+141>:   call   0x8048540 <bomb>
0x080485fc <+146>:   add    $0x1,%ebx
```

So I need to avoid the call to the bomb function, or else it will explode! This means that the instruction `cmp %eax,0x80498d4(,%ebx,4)` must set the zero flag, i.e. `%eax` must be equal to `0x80498d4(,%ebx,4)`.

`%eax` ends up holding the input from the first line of a file I'm reading into the program. I have verified this in gdb.

I ran a print statement in gdb to see what the value of the second argument in cmp was so I could then equate it with %eax.

I ran:

```
print (0x80498d4 + $ebx*4)
```

in gdb which resulted in $1 = 134519000.

So I then plugged in the above to my input so I could get:

```
(gdb) print $eax
$2 = 134519000
```

Now both `cmp` arguments seemingly have the same value according to gdb, but the `je` (jump if equal) is still not being taken and the `<bomb>` function is still being called.

Any pointers and help would be greatly appreciated, thanks!

  • You wouldn't happen to have `%ebx == 1` at that point in the program? You might want to actually `print *(0x80498d4 + $ebx*4)`, and thus compare the value in memory, rather than the address... – EOF Mar 11 '16 at 02:12
  • Ha! This solved it (the updated print statement)... I'm new to using gdb and I blanked on de-referencing the value in the address, thanks! – chaseshak Mar 11 '16 at 02:15
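To make the address-versus-value mix-up from the comments concrete, here is an added C model of the loop in the question (example code written for this page, not the bomb's own source). The table contents, the line values and the `expected` array name are constructed placeholders: the real bomb's table at `0x80498d4` is unknown here. The model shows that `cmp %eax,table(,%ebx,4)` compares `%eax` with the *contents* of slot `%ebx`, while `base + $ebx*4` only yields that slot's *address*.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the 4-byte-per-entry table at 0x80498d4 in the
   question. The real values are unknown; these are made up for the example. */
static const int32_t expected[4] = { 7, 13, 42, 99 };

/* Models the disassembled loop: for line i (%ebx), strtol() the text into
   %eax and compare it with expected[i]. Returns the index of the first line
   that would fail the `cmp`/`je` pair and reach bomb(), or -1 if every line
   matches. */
int check_lines(const char *const *lines, int count)
{
    for (int i = 0; i < count && i < 4; i++) {
        long v = strtol(lines[i], NULL, 10);  /* call strtol@plt -> %eax   */
        if (v != expected[i])                 /* cmp %eax,table(,%ebx,4)   */
            return i;                         /* je not taken -> call bomb */
    }
    return -1;
}

/* What `print (base + $ebx*4)` computes: the address of slot i. */
uintptr_t slot_address(int i)
{
    return (uintptr_t)&expected[i];
}

/* What the `cmp` actually reads: the 32-bit value stored in slot i. */
int32_t slot_value(int i)
{
    return expected[i];
}

int main(void)
{
    /* Constructed input: line 1 carries the slot *address* (as in the
       question), so it fails even though the numbers "looked equal" in gdb. */
    const char *wrong[4] = { "7", "134519000", "42", "99" };
    const char *right[4] = { "7", "13", "42", "99" };

    printf("address of slot 1 : %lu\n", (unsigned long)slot_address(1));
    printf("value in slot 1   : %d\n", slot_value(1));
    printf("wrong input fails at line %d\n", check_lines(wrong, 4));
    printf("right input fails at line %d (-1 = none)\n", check_lines(right, 4));
    return 0;
}
```

In gdb the same distinction is visible by dereferencing with an explicit type, so the width and signedness match the 4-byte scaled index: `print *(int *)(0x80498d4 + $ebx*4)`, or equivalently `x/dw 0x80498d4 + $ebx*4`. Without the dereference, gdb prints the arithmetic result of the expression, which is the address the operand points at, not the operand's contents.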
