Thread: Binary Bomb, Assembly Help

  1. #1
    Registered User
    Join Date
    Feb 2014
    Austin, Texas, United States

    Binary Bomb, Assembly Help

    i know a lot of people on here may not be familiar with assembly language, but i'm stuck, and have no other resort... Basically, i'm doing a "binary bomb" project, in which each phase has a password. I'm on phase 3 (phase 1 and 2 were simple). I know the password is in the format "%d %d", so two integers. I don't know how to find these out though. here is the dump:
         Dump of assembler code for function phase_3:
       0x0000000000400fad <+0>: sub    $0x18,%rsp
       0x0000000000400fb1 <+4>: lea    0xc(%rsp),%rcx
       0x0000000000400fb6 <+9>: lea    0x8(%rsp),%rdx
       0x0000000000400fbb <+14>:    mov    $0x402a71,%esi
       0x0000000000400fc0 <+19>:    mov    $0x0,%eax
       0x0000000000400fc5 <+24>:    callq  0x400c80 <__isoc99_sscanf@plt>
       0x0000000000400fca <+29>:    cmp    $0x1,%eax
       0x0000000000400fcd <+32>:    jg     0x400fd4 <phase_3+39>
       0x0000000000400fcf <+34>:    callq  0x401644 <explode_bomb>
       0x0000000000400fd4 <+39>:    cmpl   $0x7,0x8(%rsp)
       0x0000000000400fd9 <+44>:    ja     0x401041 <phase_3+148>
       0x0000000000400fdb <+46>:    mov    0x8(%rsp),%eax
       0x0000000000400fdf <+50>:    jmpq   *0x402760(,%rax,8)
       0x0000000000400fe6 <+57>:    mov    $0x0,%eax
       0x0000000000400feb <+62>:    jmp    0x400ff2 <phase_3+69>
       0x0000000000400fed <+64>:    mov    $0x14d,%eax
       0x0000000000400ff2 <+69>:    sub    $0x2ff,%eax
       0x0000000000400ff7 <+74>:    jmp    0x400ffe <phase_3+81>
       0x0000000000400ff9 <+76>:    mov    $0x0,%eax
       0x0000000000400ffe <+81>:    add    $0x1b9,%eax
       0x0000000000401003 <+86>:    jmp    0x40100a <phase_3+93>
    ---Type <return> to continue, or q <return> to quit---
       0x0000000000401005 <+88>:    mov    $0x0,%eax
       0x000000000040100a <+93>:    sub    $0x2a4,%eax
       0x000000000040100f <+98>:    jmp    0x401016 <phase_3+105>
       0x0000000000401011 <+100>:   mov    $0x0,%eax
       0x0000000000401016 <+105>:   add    $0x2a4,%eax
       0x000000000040101b <+110>:   jmp    0x401022 <phase_3+117>
       0x000000000040101d <+112>:   mov    $0x0,%eax
       0x0000000000401022 <+117>:   sub    $0x2a4,%eax
       0x0000000000401027 <+122>:   jmp    0x40102e <phase_3+129>
       0x0000000000401029 <+124>:   mov    $0x0,%eax
       0x000000000040102e <+129>:   add    $0x2a4,%eax
       0x0000000000401033 <+134>:   jmp    0x40103a <phase_3+141>
       0x0000000000401035 <+136>:   mov    $0x0,%eax
       0x000000000040103a <+141>:   sub    $0x2a4,%eax
       0x000000000040103f <+146>:   jmp    0x40104b <phase_3+158>
       0x0000000000401041 <+148>:   callq  0x401644 <explode_bomb>
       0x0000000000401046 <+153>:   mov    $0x0,%eax
       0x000000000040104b <+158>:   cmpl   $0x5,0x8(%rsp)
       0x0000000000401050 <+163>:   jg     0x401058 <phase_3+171>
       0x0000000000401052 <+165>:   cmp    0xc(%rsp),%eax
       0x0000000000401056 <+169>:   je     0x40105d <phase_3+176>
       0x0000000000401058 <+171>:   callq  0x401644 <explode_bomb>
    ---Type <return> to continue, or q <return> to quit---
       0x000000000040105d <+176>:   add    $0x18,%rsp
       0x0000000000401061 <+180>:   retq   "
    Can anyone help? Thanks.
    Last edited by Salem; 04-26-2014 at 11:49 PM. Reason: added code tags

  2. #2
    Registered User
    Join Date
    Nov 2010
    Long Beach, CA
    It might have been nice if you posted that in [code][/code] tags or something, to help it stand out and be easier to read (and ditch the "continue" lines). It would also help if you told us what kind of assembly this is. x86? x86_64? Motorola 68k? Also, telling us the syntax used (AT&T vs Intel), it would help. I have strong suspicions, but confirmation would be good.

    Anyway, you left things pretty wide open. Can you explain to us what you know of assembly? Can you explain in words, or by commenting lines of code, exactly what you think this is doing, as best you can? It's okay if you don't get it all, but it helps us help you, if we know what you do know, and what you don't. Besides, we're here to help you learn, but giving away the whole solution takes all the fun out of solving the problem, and besides, you wont learn nearly as much that way.

    So, tell us what you understand. Also, keep in mind that each line there is a very basic instruction the CPU would execute. There are a handful of critical instructions to learn: cmp, jmp (and the variants ja, jg, je and jmpq), callq, sub and add. They are largely self-explanitory, once you know what each one stands for. lea and mov are also helpful to know, but you can probably figure out the gist of it without knowing those two; and retq is probably not terribly necessary.

    One more thing, you should Google "addressing mode" or "assembly addressing mode" or similar, so you can learn the difference betwee $0x2a4, %eax, 0xc(%rsp), etc. Again, not hard to learn the basics of it, but it takes a little effort on your part.

    Post back, hopefully with more specific questions about what you don't get, and we can give you more specific help.

    EDIT: Oh, and in the future, there is a "Tech Board" sub-forum that is more appropriate for assembly and other technical questions that don't strictly belong to a different sub-forum.
    Last edited by anduril462; 04-26-2014 at 05:44 PM.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Binary Bomb help
    By Drrr in forum Tech Board
    Replies: 1
    Last Post: 03-21-2012, 12:58 PM
  2. binary Bomb defuse help
    By rasikan in forum C Programming
    Replies: 2
    Last Post: 04-08-2011, 10:04 AM
  3. New binary bomb help
    By uscuba2 in forum Tech Board
    Replies: 4
    Last Post: 05-24-2009, 05:45 PM
  4. binary bomb help
    By uscuba2 in forum Tech Board
    Replies: 8
    Last Post: 05-22-2009, 10:04 PM
  5. binary bomb
    By Lina in forum Tech Board
    Replies: 6
    Last Post: 09-24-2006, 10:35 PM
Website Security Test