Friday, 27 February 2015

Bomb Lab Phase 5 Assembly

I have trouble understanding how to determine the correct input for phase 5 of this bomb lab. The following code is what I derived from objdump and what I've been examining with the debugger:

Dump of assembler code for function phase_5:
0x08048ed2 <+0>: push %ebp
0x08048ed3 <+1>: mov %esp,%ebp
0x08048ed5 <+3>: push %esi
0x08048ed6 <+4>: push %ebx
0x08048ed7 <+5>: sub $0x20,%esp
0x08048eda <+8>: lea -0x10(%ebp),%eax
0x08048edd <+11>: mov %eax,0xc(%esp)
0x08048ee1 <+15>: lea -0xc(%ebp),%eax
0x08048ee4 <+18>: mov %eax,0x8(%esp)
0x08048ee8 <+22>: movl $0x804a5cc,0x4(%esp)
0x08048ef0 <+30>: mov 0x8(%ebp),%eax
0x08048ef3 <+33>: mov %eax,(%esp)
0x08048ef6 <+36>: call 0x8048894 <__isoc99_sscanf@plt>
0x08048efb <+41>: cmp $0x1,%eax
0x08048efe <+44>: jg 0x8048f05 <phase_5+51>
0x08048f00 <+46>: call 0x8049351 <explode_bomb>
0x08048f05 <+51>: mov -0xc(%ebp),%eax
0x08048f08 <+54>: and $0xf,%eax
0x08048f0b <+57>: mov %eax,-0xc(%ebp)
0x08048f0e <+60>: cmp $0xf,%eax
0x08048f11 <+63>: je 0x8048f3c <phase_5+106>
0x08048f13 <+65>: mov $0x0,%ecx
0x08048f18 <+70>: mov $0x0,%edx
0x08048f1d <+75>: mov $0x804a520,%ebx
0x08048f22 <+80>: add $0x1,%edx
0x08048f25 <+83>: mov (%ebx,%eax,4),%eax
0x08048f28 <+86>: add %eax,%ecx
0x08048f2a <+88>: cmp $0xf,%eax
0x08048f2d <+91>: jne 0x8048f22 <phase_5+80>
0x08048f2f <+93>: mov %eax,-0xc(%ebp)
0x08048f32 <+96>: cmp $0xf,%edx
0x08048f35 <+99>: jne 0x8048f3c <phase_5+106>
0x08048f37 <+101>: cmp %ecx,-0x10(%ebp)
0x08048f3a <+104>: je 0x8048f45 <phase_5+115>
0x08048f3c <+106>: lea 0x0(%esi,%eiz,1),%esi
0x08048f40 <+110>: call 0x8049351 <explode_bomb>
0x08048f45 <+115>: add $0x20,%esp
0x08048f48 <+118>: pop %ebx
0x08048f49 <+119>: pop %esi
0x08048f4a <+120>: pop %ebp
0x08048f4b <+121>: ret
End of assembler dump.

I have spent the last 2 hours studying this code. Correct me if I'm wrong, but I think I understand that the length of the string must be greater than 1, and that it should be 15 because of the following comparison done in the loop:

0x08048f25 <+83>: mov (%ebx,%eax,4),%eax
0x08048f28 <+86>: add %eax,%ecx
0x08048f2a <+88>: cmp $0xf,%eax
Other than that, I'm completely lost as to how I go about doing this. Is there a framework or process anyone can suggest to getting the input that I need? Thanks very much in advance, I'm losing sleep here but this is addictively fun!
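As an illustration of the process the post asks for, here is an added C rendering of the dump above (it is not code from the original post or from the bomb binary): the loop at <+80>..<+91> walks a 16-entry table starting at index (first number & 0xf) until it reads the value 15, counting hops in %edx and summing the values read in %ecx, and the phase passes only if exactly 15 hops were taken and the second number equals that sum. The table contents at 0x804a520 and the sscanf format at 0x804a5cc are not in the dump, so a constructed table and the format "%d %d" are assumed here.

```c
#include <stdio.h>

#define TABLE_LEN 16
#define WANT_HOPS 15   /* cmp $0xf,%edx at <+96> */

/* Constructed stand-in for the 16 ints at 0x804a520; the real values are not
 * in the dump and have to be read out of the binary (e.g. x/16dw 0x804a520). */
static const int table[TABLE_LEN] = {10, 12, 11, 14, 5, 15, 9, 13, 4, 1, 7, 8, 3, 2, 0, 6};

/* The loop at <+80>..<+91>: idx = table[idx] until idx == 15, counting hops
 * (%edx) and summing the values read (%ecx). The hop cap is an addition so a
 * table with a cycle that never reaches 15 cannot spin forever. */
static int walk(const int *t, int start, int *sum) {
    int idx = start, hops = 0;
    *sum = 0;
    do {
        hops++;
        idx = t[idx & 0xf];
        *sum += idx;
    } while (idx != 15 && hops < TABLE_LEN);
    return hops;
}

/* C rendering of phase_5: 1 means the checks pass, 0 means explode_bomb. */
int phase_5_defused(const char *input, const int *t) {
    int a, b, sum;
    /* format string at 0x804a5cc is not shown; "%d %d" assumed (cmp $0x1,%eax; jg) */
    if (sscanf(input, "%d %d", &a, &b) <= 1) return 0;
    a &= 0xf;                          /* and $0xf,%eax at <+54> */
    if (a == 15) return 0;             /* cmp $0xf,%eax; je explode at <+60> */
    if (walk(t, a, &sum) != WANT_HOPS) return 0;
    return b == sum;                   /* cmp %ecx,-0x10(%ebp) at <+101> */
}

/* The process: try every start index 0..14 and keep those needing exactly 15
 * hops. Returns how many starts qualify; the first one is written to the outputs. */
int solve_phase_5(const int *t, int *start_out, int *sum_out) {
    int found = 0, sum;
    for (int s = 0; s < 15; s++) {
        if (walk(t, s, &sum) == WANT_HOPS) {
            if (found == 0) { *start_out = s; *sum_out = sum; }
            found++;
        }
    }
    return found;
}

int main(void) {
    int s, sum;
    if (solve_phase_5(table, &s, &sum))
        printf("first number: any n with (n & 0xf) == %d, second number: %d\n", s, sum);
    return 0;
}
```

With the constructed table the only valid start index is 6 and the chain sums to 114, so "6 114" (or "22 114", since 22 & 0xf == 6) passes; against the real bomb, substitute the 16 values dumped from 0x804a520.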