
So in this stage of the binary bomb lab, I have figured out that the input must be 6 non-repeating integers.

 # phase_8, first half (i386, AT&T operand order, gdb disassembly).
 # Reads six integers, then checks that each lies in 1..6 and that no
 # two are equal. Any failed check calls explode_bomb.
 #
 # Frame once %esp has settled (after +41):
 #   0x0c(%esp)            outer loop counter
 #   0x1c(%esp)..0x30(%esp) the six parsed integers, nums[0..5]
 #   0x4c(%esp)            stack-protector canary copy
 #
 # Entry: CET landing pad, save callee-saved registers, reserve the frame.
 0x56557a7c <+0>:   endbr32 
   0x56557a80 <+4>: push   %ebp
   0x56557a81 <+5>: push   %edi
   0x56557a82 <+6>: push   %esi
   0x56557a83 <+7>: push   %ebx
   0x56557a84 <+8>: sub    $0x64,%esp
   # Copy the stack-protector canary from %gs:0x14 into the frame, then
   # clear %eax so the canary value does not linger in a register.
   0x56557a87 <+11>:    mov    %gs:0x14,%eax
   0x56557a8d <+17>:    mov    %eax,0x54(%esp)
   0x56557a91 <+21>:    xor    %eax,%eax
   # Call read_six_numbers(arg0, &nums[0]). 0x7c(%esp) after the first push
   # is this function's first stack argument -- presumably the input line;
   # read_six_numbers itself is not shown here.
   0x56557a93 <+23>:    lea    0x24(%esp),%eax
   0x56557a97 <+27>:    push   %eax
   0x56557a98 <+28>:    pushl  0x7c(%esp)
   0x56557a9c <+32>:    call   0x56557fc0 <read_six_numbers>
   # %ebp = &nums[1] (taken while the two call arguments are still on the
   # stack), so -0x4(%ebp) always addresses the element under test.
   0x56557aa1 <+37>:    lea    0x30(%esp),%ebp
   # Releases 0x10 bytes although only 8 were pushed: from here on all
   # %esp-relative offsets are 8 lower than before the call.
   0x56557aa5 <+41>:    add    $0x10,%esp
   # counter = 0; %edi = &nums[6], one past the end of the array.
   0x56557aa8 <+44>:    movl   $0x0,0xc(%esp)
   0x56557ab0 <+52>:    lea    0x34(%esp),%edi
   0x56557ab4 <+56>:    jmp    0x56557ad5 <phase_8+89>
   # Out-of-range path, reached from +100.
   0x56557ab6 <+58>:    call   0x56557f7d <explode_bomb>
   0x56557abb <+63>:    jmp    0x56557ae2 <phase_8+102>
   # Inner loop: %ebx walks the elements after the current one up to %edi.
   0x56557abd <+65>:    add    $0x4,%ebx
   0x56557ac0 <+68>:    cmp    %ebx,%edi
   0x56557ac2 <+70>:    je     0x56557ad2 <phase_8+86>
   # Compare the later element (%ebx) with the current one (-0x4(%esi));
   # equality means a repeated value and triggers explode_bomb.
   0x56557ac4 <+72>:    mov    (%ebx),%eax
   0x56557ac6 <+74>:    cmp    %eax,-0x4(%esi)
   0x56557ac9 <+77>:    jne    0x56557abd <phase_8+65>
   0x56557acb <+79>:    call   0x56557f7d <explode_bomb>
   0x56557ad0 <+84>:    jmp    0x56557abd <phase_8+65>
   # Outer loop step: advance to the next element.
   0x56557ad2 <+86>:    add    $0x4,%ebp
   # Range check on the current element n: (n - 1) compared unsigned
   # against 5, so 0, negative values and anything above 6 all fail.
   0x56557ad5 <+89>:    mov    %ebp,%esi
   0x56557ad7 <+91>:    mov    -0x4(%ebp),%eax
   0x56557ada <+94>:    sub    $0x1,%eax
   0x56557add <+97>:    cmp    $0x5,%eax
   0x56557ae0 <+100>:   ja     0x56557ab6 <phase_8+58>
   # counter++; once it exceeds 5 all six elements have been checked and
   # control leaves for +120. Otherwise start the inner loop at the element
   # after the current one.
   0x56557ae2 <+102>:   addl   $0x1,0xc(%esp)
   0x56557ae7 <+107>:   mov    0xc(%esp),%eax
   0x56557aeb <+111>:   cmp    $0x5,%eax
   0x56557aee <+114>:   jg     0x56557af4 <phase_8+120>
   0x56557af0 <+116>:   mov    %ebp,%ebx
   0x56557af2 <+118>:   jmp    0x56557ac4 <phase_8+72>

Up to around here it is just looping through the input and making sure nothing is repeated and that every value is 6 or lower. I also see that it creates a linked list of 6 nodes, and I am positive that the solution has to be the correct order of the nodes, but I can't figure out which line in the assembly code determines what the correct order is.

   # phase_8, second half (i386, AT&T operand order, gdb disassembly).
   # Three steps: (1) turn each integer at 0x1c(%esp,i,4) into a node
   # pointer, (2) relink the nodes in that order, (3) verify the order.
   # Node fields used here: offset 0 = the value compared, offset 8 = the
   # next pointer. Offset 4 is never touched in this listing.
   #
   # Step 1: for i = 0..5, start at the list head 0x5655c0d4 and follow the
   # next pointer (n - 1) times, where n is the i-th integer, used as-is.
   # The resulting pointer is stored in a table at 0x34(%esp,i,4).
   0x56557af4 <+120>:   mov    $0x0,%ebx
   0x56557af9 <+125>:   mov    %ebx,%esi
   0x56557afb <+127>:   mov    0x1c(%esp,%ebx,4),%ecx
   0x56557aff <+131>:   mov    $0x1,%eax
   0x56557b04 <+136>:   mov    $0x5655c0d4,%edx
   # n <= 1 selects the head node itself, without walking.
   0x56557b09 <+141>:   cmp    $0x1,%ecx
   0x56557b0c <+144>:   jle    0x56557b18 <phase_8+156>
   0x56557b0e <+146>:   mov    0x8(%edx),%edx
   0x56557b11 <+149>:   add    $0x1,%eax
   0x56557b14 <+152>:   cmp    %ecx,%eax
   0x56557b16 <+154>:   jne    0x56557b0e <phase_8+146>
   0x56557b18 <+156>:   mov    %edx,0x34(%esp,%esi,4)

   0x56557b1c <+160>:   add    $0x1,%ebx
   0x56557b1f <+163>:   cmp    $0x6,%ebx
   0x56557b22 <+166>:   jne    0x56557af9 <phase_8+125>
   # Step 2: rewrite the next pointers so the list follows the table:
   # table[k]->next = table[k+1] for k = 0..4, and table[5]->next = 0.
   # %ebx keeps table[0], the new head.
   0x56557b24 <+168>:   mov    0x34(%esp),%ebx
   0x56557b28 <+172>:   mov    0x38(%esp),%eax
   0x56557b2c <+176>:   mov    %eax,0x8(%ebx)
   0x56557b2f <+179>:   mov    0x3c(%esp),%edx
   0x56557b33 <+183>:   mov    %edx,0x8(%eax)
   0x56557b36 <+186>:   mov    0x40(%esp),%eax
   0x56557b3a <+190>:   mov    %eax,0x8(%edx)
   0x56557b3d <+193>:   mov    0x44(%esp),%edx
   0x56557b41 <+197>:   mov    %edx,0x8(%eax)
   0x56557b44 <+200>:   mov    0x48(%esp),%eax
   0x56557b48 <+204>:   mov    %eax,0x8(%edx)
   0x56557b4b <+207>:   movl   $0x0,0x8(%eax)
   # Step 3: five adjacent-pair checks along the relinked list.
   0x56557b52 <+214>:   mov    $0x5,%esi
   0x56557b57 <+219>:   jmp    0x56557b61 <phase_8+229>
   0x56557b59 <+221>:   mov    0x8(%ebx),%ebx
   0x56557b5c <+224>:   sub    $0x1,%esi
   0x56557b5f <+227>:   je     0x56557b71 <phase_8+245>
   # %eax = value of the next node. In AT&T order `cmp %eax,(%ebx)` tests
   # current - next, and jle is a signed test: the pair passes only when
   # current <= next, i.e. the node values must be non-decreasing.
   0x56557b61 <+229>:   mov    0x8(%ebx),%eax
   0x56557b64 <+232>:   mov    (%eax),%eax
   0x56557b66 <+234>:   cmp    %eax,(%ebx)
   0x56557b68 <+236>:   jle    0x56557b59 <phase_8+221>
   0x56557b6a <+238>:   call   0x56557f7d <explode_bomb>
   0x56557b6f <+243>:   jmp    0x56557b59 <phase_8+221>
   # Epilogue: compare the saved canary at 0x4c(%esp) with %gs:0x14; any
   # difference means the frame was overwritten and control goes to
   # __stack_chk_fail instead of returning.
   0x56557b71 <+245>:   mov    0x4c(%esp),%eax
   0x56557b75 <+249>:   xor    %gs:0x14,%eax
   0x56557b7c <+256>:   jne    0x56557b86 <phase_8+266>
   0x56557b7e <+258>:   add    $0x5c,%esp
   0x56557b81 <+261>:   pop    %ebx
   0x56557b82 <+262>:   pop    %esi
   0x56557b83 <+263>:   pop    %edi
   0x56557b84 <+264>:   pop    %ebp
   0x56557b85 <+265>:   ret    
   0x56557b86 <+266>:   call   0xf7eb84e0 <__stack_chk_fail>
Gope S.
  • Well it's gonna be near an explosion :) So the lines that check for the correct order are starting at +229 – Jester Nov 08 '21 at 19:25
  • @Jester Is it just putting it in an ascending or descending order? – Gope S. Nov 08 '21 at 19:48
  • Yes that is correct. – Jester Nov 08 '21 at 20:14
  • @Jester And then is it doing something to each index after that? Because I tried inputting the nodes in ascending and descending order straight up and both of those failed? So what am I still missing? – Gope S. Nov 08 '21 at 20:40
  • You did sort the nodes, not the indices right? – Jester Nov 08 '21 at 20:43
  • @Jester The values at the nodes are the same no matter what input you use, which means that the Node's number is what the code is looking for. For example, "1 3 2 5 4 6", and not the actual contents – Gope S. Nov 08 '21 at 20:52
  • erm, yeah, you need to input the indices but the order is determined by the node contents. – Jester Nov 08 '21 at 20:54
  • @Jester I know. Do you have any hints or help with what that would be towards the end? That is what I have been struggling to figure out – Gope S. Nov 08 '21 at 21:02
  • The code definitely checks the order, you likely have determined the indices wrong. – Jester Nov 08 '21 at 21:21
  • @Jester do you know what it could be then? – Gope S. Nov 08 '21 at 21:51
