
Binary Bomb Phase_5 (Input two integers)


I need help figuring out the two integers that defuse phase_5. Examining the format string in gdb shows "%d %d", which is how I know it’s scanning for two ints. I try to follow the compare and jump statements but get lost soon after.

Dump of assembler code for function phase_5:
   # phase_5, as disassembled by gdb (AT&T syntax: source operand first, destination last).
   # Parses two integers with sscanf, walks a table of 4-byte values at 0x4022a0 and
   # calls explode_bomb unless both checks at +87 and +92 pass.
   # Stack slots: 0xc(%rsp) = first parsed int, 0x8(%rsp) = second parsed int.
   # %rdi is never written here, so the string being parsed is whatever the caller passed in.
   0x00000000004015b9 <+0>:     sub    $0x18,%rsp
   # sscanf(input, "%d %d", &first, &second): in the System V AMD64 convention %rdx and
   # %rcx are the 3rd and 4th integer arguments, i.e. the first and second output pointers.
   0x00000000004015bd <+4>:     lea    0x8(%rsp),%rcx
   0x00000000004015c2 <+9>:     lea    0xc(%rsp),%rdx
   # %esi = address of the format string (0x402573).
   0x00000000004015c7 <+14>:    mov    $0x402573,%esi
   # %eax = 0: no vector-register arguments for the variadic call.
   0x00000000004015cc <+19>:    mov    $0x0,%eax
   0x00000000004015d1 <+24>:    call   0x401150 <__isoc99_sscanf@plt>
   # sscanf returns the number of items converted; 1 or fewer goes to the explode call at +108.
   0x00000000004015d6 <+29>:    cmp    $0x1,%eax
   0x00000000004015d9 <+32>:    jle    0x401625 <phase_5+108>
   # first &= 0xf, written back to its stack slot; %eax keeps the masked value (0..15).
   0x00000000004015db <+34>:    mov    0xc(%rsp),%eax
   0x00000000004015df <+38>:    and    $0xf,%eax
   0x00000000004015e2 <+41>:    mov    %eax,0xc(%rsp)
   # A masked value of exactly 0xf is rejected before the loop starts.
   0x00000000004015e6 <+45>:    cmp    $0xf,%eax
   0x00000000004015e9 <+48>:    je     0x40161b <phase_5+98>
   # %ecx = running sum, %edx = iteration count, both start at 0.
   0x00000000004015eb <+50>:    mov    $0x0,%ecx
   0x00000000004015f0 <+55>:    mov    $0x0,%edx
   # Loop body (+60..+77): count++, then replace %eax with the table entry it indexes.
   0x00000000004015f5 <+60>:    add    $0x1,%edx
   # Sign-extend %eax into %rax so it can be used as a 64-bit index.
   0x00000000004015f8 <+63>:    cltq   
   # %eax = 4-byte entry at 0x4022a0 + %rax*4. Only the first index is bounded by the
   # 0xf mask; every later index is whatever value the table itself supplied.
   # NOTE(review): the mask allows 16 start indices, so the table presumably holds
   # 16 dwords -- confirm by examining it as words (e.g. x/16dw) rather than bytes.
   0x00000000004015fa <+65>:    mov    0x4022a0(,%rax,4),%eax
   # sum += entry; keep following the chain until the loaded entry is 0xf.
   0x0000000000401601 <+72>:    add    %eax,%ecx
   0x0000000000401603 <+74>:    cmp    $0xf,%eax
   0x0000000000401606 <+77>:    jne    0x4015f5 <phase_5+60>
   # Stores 0xf into the first number's slot; that slot is not read again in this function.
   0x0000000000401608 <+79>:    movl   $0xf,0xc(%rsp)
   # Check 1: the loop must have run exactly 0xb (11) times.
   0x0000000000401610 <+87>:    cmp    $0xb,%edx
   0x0000000000401613 <+90>:    jne    0x40161b <phase_5+98>
   # Check 2: the second parsed int must equal the accumulated sum in %ecx.
   0x0000000000401615 <+92>:    cmp    %ecx,0x8(%rsp)
   0x0000000000401619 <+96>:    je     0x401620 <phase_5+103>
   # Failure path shared by the 0xf pre-check and both checks above.
   0x000000000040161b <+98>:    call   0x401bed <explode_bomb>
   # Success path: release the frame and return.
   0x0000000000401620 <+103>:   add    $0x18,%rsp
   0x0000000000401624 <+107>:   ret    
   # Reached when sscanf converted fewer than two items. The jmp back to +34 only
   # runs if explode_bomb returns, which cannot be determined from this listing.
   0x0000000000401625 <+108>:   call   0x401bed <explode_bomb>
   0x000000000040162a <+113>:   jmp    0x4015db <phase_5+34>
End of assembler dump.

(gdb) x/s 0x402573
0x402573:   "%d %d"
(gdb) x/16x 0x4022a0
0x4022a0 <array.0>: 0x0a    0x00    0x00    0x00    0x02    0x00    0x00    0x00
0x4022a8 <array.0+8>:0x0e   0x00    0x00    0x00    0x07    0x00    0x00    0x00

I know that

  • It reads TWO numbers (the format string "%d %d")
  • The second number is ANDed with 0xf (keeping the last 4 bits)

Then it enters a loop where it:

  • Uses that value to index into array at 0x4022a0
  • Adds the value to a sum in %ecx
  • Counts iterations in %edx
  • Continues until it finds 0xf (15)


