I'm working on phase 6 of my binary bomb lab and I can't figure out whether there is a point in this assembly code where the index I type is changed into something else. Here is the assembly code:
=> 0x00000000004010a8 <+0>: push %r14
0x00000000004010aa <+2>: push %r13
0x00000000004010ac <+4>: push %r12
0x00000000004010ae <+6>: push %rbp
0x00000000004010af <+7>: push %rbx
0x00000000004010b0 <+8>: sub $0x50,%rsp
0x00000000004010b4 <+12>: lea 0x30(%rsp),%r13
0x00000000004010b9 <+17>: mov %r13,%rsi
0x00000000004010bc <+20>: callq 0x40157a <read_six_numbers>
0x00000000004010c1 <+25>: mov %r13,%r14
0x00000000004010c4 <+28>: mov $0x0,%r12d
0x00000000004010ca <+34>: mov %r13,%rbp
0x00000000004010cd <+37>: mov 0x0(%r13),%eax
0x00000000004010d1 <+41>: sub $0x1,%eax
0x00000000004010d4 <+44>: cmp $0x5,%eax
0x00000000004010d7 <+47>: jbe 0x4010de <phase_6+54>
0x00000000004010d9 <+49>: callq 0x401544 <explode_bomb>
0x00000000004010de <+54>: add $0x1,%r12d
0x00000000004010e2 <+58>: cmp $0x6,%r12d
0x00000000004010e6 <+62>: je 0x40110a <phase_6+98>
0x00000000004010e8 <+64>: mov %r12d,%ebx
0x00000000004010eb <+67>: movslq %ebx,%rax
0x00000000004010ee <+70>: mov 0x30(%rsp,%rax,4),%eax
0x00000000004010f2 <+74>: cmp %eax,0x0(%rbp)
0x00000000004010f5 <+77>: jne 0x4010fc <phase_6+84>
0x00000000004010f7 <+79>: callq 0x401544 <explode_bomb>
0x00000000004010fc <+84>: add $0x1,%ebx
0x00000000004010ff <+87>: cmp $0x5,%ebx
0x0000000000401102 <+90>: jle 0x4010eb <phase_6+67>
0x0000000000401104 <+92>: add $0x4,%r13
0x0000000000401108 <+96>: jmp 0x4010ca <phase_6+34>
0x000000000040110a <+98>: lea 0x48(%rsp),%rsi
0x000000000040110f <+103>: mov %r14,%rax
0x0000000000401112 <+106>: mov $0x7,%ecx
0x0000000000401117 <+111>: mov %ecx,%edx
0x0000000000401119 <+113>: sub (%rax),%edx
0x000000000040111b <+115>: mov %edx,(%rax)
0x000000000040111d <+117>: add $0x4,%rax
0x0000000000401121 <+121>: cmp %rsi,%rax
0x0000000000401124 <+124>: jne 0x401117 <phase_6+111>
# Second part: a[k] (now 7 - input) selects a node; "slot" is an array of six
# 8-byte pointers at 0x00(%rsp)..0x30(%rsp). Node layout used by the code:
# value at +0, next pointer at +8 (the dword at +4 is never read here).
0x0000000000401126 <+126>: mov $0x0,%esi           # rsi = 0: byte offset into a (step 4); *2 below indexes the 8-byte slots
0x000000000040112b <+131>: jmp 0x40114d <phase_6+165>   # enter loop at its test
0x000000000040112d <+133>: mov 0x8(%rdx),%rdx      # walk: rdx = rdx->next
0x0000000000401131 <+137>: add $0x1,%eax           # hops += 1
0x0000000000401134 <+140>: cmp %ecx,%eax
0x0000000000401136 <+142>: jne 0x40112d <phase_6+133>   # until hops == a[k]: rdx = node #a[k], counted from node1
0x0000000000401138 <+144>: jmp 0x40113f <phase_6+151>
0x000000000040113a <+146>: mov $0x6042f0,%edx      # a[k] <= 1: rdx = node1 directly
0x000000000040113f <+151>: mov %rdx,(%rsp,%rsi,2)  # slot[k] = rdx (rsi*2 turns the 4-byte offset into an 8-byte one)
0x0000000000401143 <+155>: add $0x4,%rsi           # k += 1
0x0000000000401147 <+159>: cmp $0x18,%rsi
0x000000000040114b <+163>: je 0x401162 <phase_6+186>   # six slots filled (0x18 bytes) -> relink
0x000000000040114d <+165>: mov 0x30(%rsp,%rsi,1),%ecx   # loop test: ecx = a[k] (already 7 - input)
0x0000000000401151 <+169>: cmp $0x1,%ecx
0x0000000000401154 <+172>: jle 0x40113a <phase_6+146>   # signed: a[k] <= 1 -> node1, no walk
0x0000000000401156 <+174>: mov $0x1,%eax           # hops = 1
0x000000000040115b <+179>: mov $0x6042f0,%edx      # rdx = node1
0x0000000000401160 <+184>: jmp 0x40112d <phase_6+133>   # walk a[k]-1 links
0x0000000000401162 <+186>: mov (%rsp),%rbx         # rbx = slot[0] = new list head
0x0000000000401166 <+190>: lea 0x8(%rsp),%rax      # rax = &slot[1]
0x000000000040116b <+195>: lea 0x30(%rsp),%rsi     # rsi = &slot[6] (end)
0x0000000000401170 <+200>: mov %rbx,%rcx           # rcx = current node
0x0000000000401173 <+203>: mov (%rax),%rdx         # rdx = slot[m]
0x0000000000401176 <+206>: mov %rdx,0x8(%rcx)      # rcx->next = slot[m]: nodes are re-chained in slot order
0x000000000040117a <+210>: add $0x8,%rax           # m += 1
0x000000000040117e <+214>: cmp %rsi,%rax
0x0000000000401181 <+217>: je 0x401188 <phase_6+224>   # done when rax == &slot[6]
0x0000000000401183 <+219>: mov %rdx,%rcx           # advance
0x0000000000401186 <+222>: jmp 0x401173 <phase_6+203>
0x0000000000401188 <+224>: movq $0x0,0x8(%rdx)     # last node->next = NULL
0x0000000000401190 <+232>: mov $0x5,%ebp           # five adjacent comparisons
0x0000000000401195 <+237>: mov 0x8(%rbx),%rax      # rax = rbx->next
0x0000000000401199 <+241>: mov (%rax),%eax         # eax = next->value
0x000000000040119b <+243>: cmp %eax,(%rbx)
0x000000000040119d <+245>: jge 0x4011a4 <phase_6+252>   # signed: ok iff rbx->value >= next->value (non-increasing order)
0x000000000040119f <+247>: callq 0x401544 <explode_bomb>
0x00000000004011a4 <+252>: mov 0x8(%rbx),%rbx      # rbx = rbx->next
0x00000000004011a8 <+256>: sub $0x1,%ebp
0x00000000004011ab <+259>: jne 0x401195 <phase_6+237>   # repeat 5 times
0x00000000004011ad <+261>: add $0x50,%rsp          # epilogue: release frame
0x00000000004011b1 <+265>: pop %rbx                # restore callee-saved regs
0x00000000004011b2 <+266>: pop %rbp                # restore remaining callee-saved regs in reverse push order
0x00000000004011b3 <+267>: pop %r12
0x00000000004011b5 <+269>: pop %r13
0x00000000004011b7 <+271>: pop %r14
0x00000000004011b9 <+273>: retq                    # phase passed if explode_bomb was never reached
What I have found out so far are the node values:
(gdb) x/3x $rbx
0x604340 <node6>: 0x00000191 0x00000006 0x00604330
(gdb) x/3x *($rbx + 8)
0x604330 <node5>: 0x00000275 0x00000005 0x00604320
(gdb) x/3x *(*($rbx + 8)+8)
0x604320 <node4>: 0x00000388 0x00000004 0x00604310
(gdb) x/3x *(*(*($rbx + 8)+8)+8)
0x604310 <node3>: 0x00000198 0x00000003 0x00604300
(gdb) x/3x *(*(*(*($rbx + 8)+8)+8)+8)
0x604300 <node2>: 0x00000059 0x00000002 0x006042f0
(gdb) x/3x *(*(*(*(*($rbx + 8)+8)+8)+8)+8)
0x6042f0 <node1>: 0x000001cb 0x00000001 0x00000000
I also believe that these lines of code mean the list must go from largest to smallest:
0x0000000000401195 <+237>: mov 0x8(%rbx),%rax      # rax = rbx->next
0x0000000000401199 <+241>: mov (%rax),%eax         # eax = next->value
# passes (no explode) when the value at (%rbx) >= eax, i.e. each node's value >= the next node's value
=> 0x000000000040119b <+243>: cmp %eax,(%rbx)
0x000000000040119d <+245>: jge 0x4011a4 <phase_6+252>   # signed compare; falls through to explode_bomb otherwise
which would mean the numbers, unless modified by something, are 4 5 1 3 6 2.
Alternatively, if it were actually smallest to largest, it would be reversed: 2 6 3 1 5 4.
I feel like I'm so close to solving this, but I don't know what else to look for in this large block of code.
Could you help me find out whether there is something modifying my input that changes the index it addresses?
Thank you very much.