So a little background I am a beginner with c and assembly code, we have an bomb assignment (written in c)which calls methods that require certain passwords, but the code is not visible and I need to determine the correct password by looking at the assembly code The code indicates the password for this method is 2 integers, which is passed as input to method phase 3 (I am trying to avoid triggering ) I think there are multiple possible two integer inputs and it seems like 0,1,2 are all possible inputs for the first integer but I am having trouble figure out integer 2 I thought it might be the decimal form of 1c0 which is 448 but it is not and so I am really confused on how to get the second input if the first is 0 Any help would be greatly appreciated Assembly code for phase 3 Dump of assembler code for function phase 3 0x0000000000400fb5 sub $0x18, rsp 0x0000000000400fb9 mov fs 0x28, rax 0x0000000000400fc2 mov rax,0x8( rsp) 0x0000000000400fc7 xor eax, eax 0x0000000000400fc9 lea 0x4( rsp), rcx 0x0000000000400fce mov rsp, rdx 0x0000000000400fd1 mov $0x4029cd, esi 0x0000000000400fd6 callq 0x400c40 0x0000000000400fdb cmp $0x1, eax 0x0000000000400fde jg 0x400fe5 0x0000000000400fe0 callq 0x4016d2 0x0000000000400fe5 cmpl $0x7,( rsp) 0x0000000000400fe9 ja 0x401050 0x0000000000400feb mov ( rsp), eax 0x0000000000400fee jmpq 0x402700(, rax,8) 0x0000000000400ff5 mov $0x1c0, eax 0x0000000000400ffa jmp 0x401001 0x0000000000400ffc mov $0x0, eax 0x0000000000401001 sub $0x223, eax 0x0000000000401006 jmp 0x40100d 0x0000000000401008 mov $0x0, eax 0x000000000040100d add $0x1dd, eax 0x0000000000401012 jmp 0x401019 0x0000000000401014 mov $0x0, eax 0x0000000000401019 sub $0x1fe, eax 0x000000000040101e jmp 0x401025 0x0000000000401020 mov $0x0, eax 0x0000000000401025 add $0x1fe, eax 0x000000000040102a jmp 0x401031 0x000000000040102c mov $0x0, eax 0x0000000000401031 sub $0x1fe, eax 0x0000000000401036 jmp 0x40103d 0x0000000000401038 mov $0x0, eax 0x000000000040103d add $0x1fe, eax Type to continue, or q to quit return 0x0000000000401042 jmp 0x401049 0x0000000000401044 mov $0x0, eax 0x0000000000401049 sub $0x1fe, eax 0x000000000040104e jmp 0x40105a 0x0000000000401050 callq 0x4016d2 0x0000000000401055 mov $0x0, eax 0x000000000040105a cmpl $0x5,( rsp) 0x000000000040105e jg 0x401066 0x0000000000401060 cmp 0x4( rsp), eax 0x0000000000401064 je 0x40106b 0x0000000000401066 callq 0x4016d2 0x000000000040106b mov 0x8( rsp), rax 0x0000000000401070 xor fs 0x28, rax 0x0000000000401079 je 0x401080 0x000000000040107b callq 0x400b90 0x0000000000401080 add $0x18, rsp 0x0000000000401084 retq End of assembler dump

The Answer is in the image, click to view ...

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 23, 2024

So a little background. I am a beginner with c and assembly code, we have an bomb assignment (written in c)which calls methods that require

So a little background. I am a beginner with c and assembly code, we have an "bomb" assignment (written in c)which calls methods that require certain passwords, but the code is not visible and I need to determine the correct password by looking at the assembly code.

The code indicates the password for this method is 2 integers, which is passed as "input" to method phase 3 (I am trying to avoid triggering ). I think there are multiple possible two integer inputs and it seems like 0,1,2 are all possible inputs for the first integer but I am having trouble figure out integer 2. I thought it might be the decimal form of 1c0 which is 448 but it is not and so I am really confused on how to get the second input if the first is 0. Any help would be greatly appreciated!

Assembly code for phase_3:

Dump of assembler code for function phase_3: 0x0000000000400fb5 <+0>: sub $0x18,%rsp 0x0000000000400fb9 <+4>: mov %fs:0x28,%rax 0x0000000000400fc2 <+13>: mov %rax,0x8(%rsp) 0x0000000000400fc7 <+18>: xor %eax,%eax 0x0000000000400fc9 <+20>: lea 0x4(%rsp),%rcx 0x0000000000400fce <+25>: mov %rsp,%rdx 0x0000000000400fd1 <+28>: mov $0x4029cd,%esi 0x0000000000400fd6 <+33>: callq 0x400c40 <__isoc99_sscanf@plt> 0x0000000000400fdb <+38>: cmp $0x1,%eax 0x0000000000400fde <+41>: jg 0x400fe5  0x0000000000400fe0 <+43>: callq 0x4016d2  0x0000000000400fe5 <+48>: cmpl $0x7,(%rsp) 0x0000000000400fe9 <+52>: ja 0x401050  0x0000000000400feb <+54>: mov (%rsp),%eax 0x0000000000400fee <+57>: jmpq *0x402700(,%rax,8) 0x0000000000400ff5 <+64>: mov $0x1c0,%eax 0x0000000000400ffa <+69>: jmp 0x401001  0x0000000000400ffc <+71>: mov $0x0,%eax 0x0000000000401001 <+76>: sub $0x223,%eax 0x0000000000401006 <+81>: jmp 0x40100d  0x0000000000401008 <+83>: mov $0x0,%eax 0x000000000040100d <+88>: add $0x1dd,%eax 0x0000000000401012 <+93>: jmp 0x401019  0x0000000000401014 <+95>: mov $0x0,%eax 0x0000000000401019 <+100>: sub $0x1fe,%eax 0x000000000040101e <+105>: jmp 0x401025  0x0000000000401020 <+107>: mov $0x0,%eax 0x0000000000401025 <+112>: add $0x1fe,%eax 0x000000000040102a <+117>: jmp 0x401031  0x000000000040102c <+119>: mov $0x0,%eax 0x0000000000401031 <+124>: sub $0x1fe,%eax 0x0000000000401036 <+129>: jmp 0x40103d  0x0000000000401038 <+131>: mov $0x0,%eax 0x000000000040103d <+136>: add $0x1fe,%eax ---Type  to continue, or q  to quit---return 0x0000000000401042 <+141>: jmp 0x401049  0x0000000000401044 <+143>: mov $0x0,%eax 0x0000000000401049 <+148>: sub $0x1fe,%eax 0x000000000040104e <+153>: jmp 0x40105a  0x0000000000401050 <+155>: callq 0x4016d2  0x0000000000401055 <+160>: mov $0x0,%eax 0x000000000040105a <+165>: cmpl $0x5,(%rsp) 0x000000000040105e <+169>: jg 0x401066  0x0000000000401060 <+171>: cmp 0x4(%rsp),%eax => 0x0000000000401064 <+175>: je 0x40106b  0x0000000000401066 <+177>: callq 0x4016d2  0x000000000040106b <+182>: mov 0x8(%rsp),%rax 0x0000000000401070 <+187>: xor %fs:0x28,%rax 0x0000000000401079 <+196>: je 0x401080  0x000000000040107b <+198>: callq 0x400b90 <__stack_chk_fail@plt> 0x0000000000401080 <+203>: add $0x18,%rsp 0x0000000000401084 <+207>: retq End of assembler dump.