Question: I am trying to reverse engineer/figure out a publicly available code (the classic Binary Bomb coding exercise) using the assembly code, and I have made
I am trying to reverse engineer/figure out a publicly available code (the classic "Binary Bomb" coding exercise) using the assembly code, and I have made it through the initial phases but I am having trouble on the third phase of it. The goal of this phase is for the user to input a number followed by a lowercase letter ending in another number (i.e. 0 v 260 or 2 b 40), and if those numbers match the number-letter-number combo within the system created by the assembly, the user passes the phase and moves onto the next.
Here is the assembly language for the phase:
08048c17
8048c17: 55 push %ebp
8048c18: 89 e5 mov%esp,%ebp
8048c1a: 83 ec 28 sub$0x28,%esp
8048c1d: 8d 45 f0 lea-0x10(%ebp),%eax
8048c20: 89 44 24 0c mov%eax,0xc(%esp)
8048c24: 8d 45 f4 lea-0xc(%ebp),%eax
8048c27: 89 44 24 08 mov%eax,0x8(%esp)
8048c2b: c7 44 24 04 7e 94 04 movl $0x804947e,0x4(%esp)
8048c32: 08
8048c33: 8b 45 08 mov0x8(%ebp),%eax
8048c36: 89 04 24 mov%eax,(%esp)
8048c39: e8 a2 f9 ff ff call 80485e0 <__isoc99_sscanf@plt>
8048c3e: 83 f8 01 cmp$0x1,%eax
8048c41: 7f 05 jg 8048c48
8048c43: e8 09 02 00 00 call 8048e51
8048c48: 83 7d f4 07 cmpl $0x7,-0xc(%ebp)
8048c4c: 8d 74 26 00 lea0x0(%esi,%eiz,1),%esi
8048c50: 77 6a ja 8048cbc
8048c52: 8b 45 f4 mov-0xc(%ebp),%eax
8048c55: ff 24 85 e0 93 04 08 jmp*0x80493e0(,%eax,4)
8048c5c: b8 00 00 00 00 mov$0x0,%eax
8048c61: eb 52 jmp8048cb5
8048c63: b8 00 00 00 00 mov$0x0,%eax
8048c68: eb 46 jmp8048cb0
8048c6a: b8 00 00 00 00 mov$0x0,%eax
8048c6f: 90 nop
8048c70: eb 39 jmp8048cab
8048c72: b8 00 00 00 00 mov$0x0,%eax
8048c77: eb 2d jmp8048ca6
8048c79: b8 00 00 00 00 mov$0x0,%eax
8048c7e: 66 90 xchg %ax,%ax
8048c80: eb 1f jmp8048ca1
8048c82: b8 00 00 00 00 mov$0x0,%eax
8048c87: eb 13 jmp8048c9c
8048c89: b8 6d 03 00 00 mov$0x36d,%eax
8048c8e: 66 90 xchg %ax,%ax
8048c90: eb 05 jmp8048c97
8048c92: b8 00 00 00 00 mov$0x0,%eax
8048c97: 2d c5 02 00 00 sub$0x2c5,%eax
8048c9c: 05 94 03 00 00 add$0x394,%eax
8048ca1: 2d e2 00 00 00 sub$0xe2,%eax
8048ca6: 05 e2 00 00 00 add$0xe2,%eax
8048cab: 2d e2 00 00 00 sub$0xe2,%eax
8048cb0: 05 e2 00 00 00 add$0xe2,%eax
8048cb5: 2d e2 00 00 00 sub$0xe2,%eax
8048cba: eb 0a jmp8048cc6
8048cbc: e8 90 01 00 00 call 8048e51
8048cc1: b8 00 00 00 00 mov$0x0,%eax
8048cc6: 83 7d f4 05 cmpl $0x5,-0xc(%ebp)
8048cca: 7f 06 jg 8048cd2
8048ccc: 3b 45 f0 cmp-0x10(%ebp),%eax
8048ccf: 90 nop
8048cd0: 74 05 je 8048cd7
8048cd2: e8 7a 01 00 00 call 8048e51
8048cd7: c9 leave
8048cd8: c3 ret
Here is a website on the process for figuring out the phase using the language, the version of the language examined in these excerpts are not the exact same as the code posted above but they are a good guide for it: http://zpalexander.com/binary-bomb-lab-phase-3/
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts