
I'm working on the famous binary bomb solution. I've worked the solution to ph


Question

I'm working on the famous binary bomb solution. I've worked the solution to phase_3 down to two integers, but haven't had any luck past that. Any ideas?

# phase_3 (name taken from the question text; objdump's <symbol> labels were lost in the paste).
# 32-bit x86, AT&T syntax, arguments passed on the stack: the input line is at 0x8(%ebp).
# Locals: -0xc(%ebp) receives the first sscanf conversion, -0x10(%ebp) the second.
# Flow: parse the line -> bounds-check the first value -> indirect jump through a table
#       -> fall-through add/sub chain builds a value in %eax -> compare %eax with the second value.
# Every call to 8049266 is a failure path (presumably explode_bomb -- confirm in gdb).
08048e15 :
8048e15:   55                             push   %ebp
8048e16:   89 e5                        mov    %esp,%ebp
8048e18:   83 ec 28                    sub    $0x28,%esp  # 0x28 bytes: two locals plus outgoing call arguments
8048e1b:   8d 45 f0                     lea    -0x10(%ebp),%eax
8048e1e:   89 44 24 0c               mov    %eax,0xc(%esp)  # sscanf arg 4 = &second
8048e22:   8d 45 f4                     lea    -0xc(%ebp),%eax
8048e25:   89 44 24 08               mov    %eax,0x8(%esp)  # sscanf arg 3 = &first
8048e29:   c7 44 24 04 ca 9a 04    movl   $0x8049aca,0x4(%esp)  # sscanf arg 2 = format string (contents not shown; the question says two integers)
8048e30:   08  # last byte of the movl above; objdump wraps long encodings onto a second line
8048e31:   8b 45 08                    mov    0x8(%ebp),%eax
8048e34:   89 04 24                    mov    %eax,(%esp)  # sscanf arg 1 = the input line
8048e37:   e8 4c f9 ff ff               call   8048788 <__isoc99_sscanf@plt>
8048e3c:   83 f8 01                     cmp    $0x1,%eax  # %eax = number of fields sscanf converted
8048e3f:   7f 05                           jg     8048e46  # more than one field converted: continue
8048e41:   e8 20 04 00 00          call   8049266  # too few fields: failure path
8048e46:   83 7d f4 07                cmpl   $0x7,-0xc(%ebp)
8048e4a:   77 65                         ja     8048eb1  # unsigned compare: first > 7, including any negative value, is rejected before it can index the table
8048e4c:   8b 45 f4                     mov    -0xc(%ebp),%eax
8048e4f:   ff 24 85 00 99 04 08   jmp    *0x8049900(,%eax,4)  # switch: jump to the 4-byte entry first*4 into the table at 0x8049900 (table contents not shown)
# Case entry points: each loads a start value into %eax, then jumps into the chain at a different depth.
# Which index selects which entry depends on the table contents, which this listing does not include.
8048e56:   b8 00 00 00 00          mov    $0x0,%eax
8048e5b:   eb 4d                         jmp    8048eaa
8048e5d:   b8 00 00 00 00          mov    $0x0,%eax
8048e62:   eb 41                         jmp    8048ea5
8048e64:   b8 00 00 00 00          mov    $0x0,%eax
8048e69:   eb 35                         jmp    8048ea0
8048e6b:   b8 00 00 00 00          mov    $0x0,%eax
8048e70:   eb 29                         jmp    8048e9b
8048e72:   b8 00 00 00 00          mov    $0x0,%eax
8048e77:   eb 1d                         jmp    8048e96
8048e79:   b8 00 00 00 00          mov    $0x0,%eax
8048e7e:   eb 11                         jmp    8048e91
8048e80:   b8 59 03 00 00          mov    $0x359,%eax  # the only entry with a non-zero start value
8048e85:   eb 05                         jmp    8048e8c
8048e87:   b8 00 00 00 00          mov    $0x0,%eax  # no jmp: falls straight into the top of the chain
# Fall-through chain: execution enters at one of these addresses and runs every instruction from there down to 8048eaf.
8048e8c:   2d 8b 02 00 00          sub    $0x28b,%eax
8048e91:   05 af 03 00 00           add    $0x3af,%eax
8048e96:   2d e3 03 00 00          sub    $0x3e3,%eax
8048e9b:   05 f9 00 00 00           add    $0xf9,%eax
8048ea0:   2d d2 03 00 00          sub    $0x3d2,%eax
8048ea5:   05 d2 03 00 00          add    $0x3d2,%eax
8048eaa:   2d f7 02 00 00           sub    $0x2f7,%eax
8048eaf:   eb 0a                          jmp    8048ebb  # skip the out-of-range handler
8048eb1:   e8 b0 03 00 00          call   8049266  # target of the ja above: first value out of range, failure path
8048eb6:   b8 00 00 00 00          mov    $0x0,%eax  # reached only if the call above returns
8048ebb:   83 7d f4 05                cmpl   $0x5,-0xc(%ebp)
8048ebf:   7f 05                           jg     8048ec6  # signed compare: first > 5 fails, so 6 and 7 pass the table check but not this one
8048ec1:   3b 45 f0                     cmp    -0x10(%ebp),%eax  # second value must equal the value built in %eax
8048ec4:   74 05                          je     8048ecb  # equal: skip the failure call and return
8048ec6:   e8 9b 03 00 00           call   8049266  # failure path
8048ecb:   c9                       leave
8048ecc:   8d 74 26 00                lea    0x0(%esi,%eiz,1),%esi  # no-op filler: writes %esi + 0 back into %esi
8048ed0:   c3                       ret   

Explanation / Answer

That's number 2. Keep going!
0 1

Breakpoint 1, 0x08048f9a in phase_3 ()
(gdb) disas
Dump of assembler code for function phase_3:
   0x08048f94 : push %ebp
   0x08048f95 : mov %esp,%ebp
   0x08048f97 : sub $0x28,%esp
=> 0x08048f9a : lea -0x10(%ebp),%eax
   0x08048f9d : mov %eax,0xc(%esp)
   0x08048fa1 : lea -0xc(%ebp),%eax
   0x08048fa4 : mov %eax,0x8(%esp)
   0x08048fa8 : movl $0x804a58c,0x4(%esp)
   0x08048fb0 : mov 0x8(%ebp),%eax
   0x08048fb3 : mov %eax,(%esp)
   0x08048fb6 : call 0x8048894
   0x08048fbb : cmp $0x1,%eax
   0x08048fbe : jg 0x8048fc5
   0x08048fc0 : call 0x8049321
   0x08048fc5 : cmpl $0x7,-0xc(%ebp)
   0x08048fc9 : ja 0x8049032
   0x08048fcb : mov -0xc(%ebp),%eax
   0x08048fce : xchg %ax,%ax
   0x08048fd0 : jmp *0x804a4c0(,%eax,4)
   0x08048fd7 : mov $0x0,%eax
   0x08048fdc : lea 0x0(%esi,%eiz,1),%esi
   0x08048fe0 : jmp 0x804902d
   0x08048fe2 : mov $0x0,%eax
   0x08048fe7 : jmp 0x804902a
   0x08048fe9 : mov $0x0,%eax
   0x08048fee : xchg %ax,%ax
   0x08048ff0 : jmp 0x8049027
   0x08048ff2 : mov $0x0,%eax
   0x08048ff7 : jmp 0x8049024
   0x08048ff9 : mov $0x0,%eax
   0x08048ffe : xchg %ax,%ax
   0x08049000 : jmp 0x8049021
   0x08049002 : mov $0x0,%eax
   0x08049007 : jmp 0x804901c
   0x08049009 : mov $0x30d,%eax
   0x0804900e : xchg %ax,%ax
   0x08049010 : jmp 0x8049017
   0x08049012 : mov $0x0,%eax
   0x08049017 : sub $0x264,%eax
   0x0804901c : add $0x3b8,%eax
   0x08049021 : sub $0x49,%eax
   0x08049024 : add $0x49,%eax
   0x08049027 : sub $0x49,%eax
   0x0804902a : add $0x49,%eax
   0x0804902d : sub $0x49,%eax
   0x08049030 : jmp 0x804903c
   0x08049032 : call 0x8049321
   0x08049037 : mov $0x0,%eax
   0x0804903c : cmpl $0x5,-0xc(%ebp)
   0x08049040 : jg 0x8049047
   0x08049042 : cmp -0x10(%ebp),%eax
   0x08049045 : je 0x804904c
   0x08049047 : call 0x8049321
   0x0804904c : leave
   0x0804904d : lea 0x0(%esi),%esi
   0x08049050 : ret
End of assembler dump.
(gdb)

This dump comes from a different build of the bomb than the listing in the question (other addresses, other constants such as $0x30d instead of $0x359), so its numbers do not carry over; only the structure does. In both, sscanf must convert more than one field, the first integer is range-checked with an unsigned compare against 7 and then used as an index into a jump table, the selected case loads %eax and falls through the remaining add/sub instructions, and the second integer must equal the result while the first must also be no greater than 5. Neither listing shows the jump table itself, so the index-to-case mapping has to be read from your own binary, for example with `x/8xw 0x8049900` for the table and `x/s 0x8049aca` for the format string in the question's build.