Binary Bomb Lab Phase 6 Advice


I've been working on the phase 6 of the Binary Bomb lab and I'm having some trouble. I think I'm probably not reading it correctly.

What I know:

  • There needs to be 6 numbers
  • The numbers can not be duplicated in the answer ( there can't be "2 2 5 3 4 6" for ex.)
  • I know there are 6 nodes and that there are loops (tons of loops...)
  • I'm thinking that the numbers need to be in descending order like "6 5 4 3 2 1" based on which node has the biggest number.
  • I think the equation to figure out the number is 7-x? I'm not sure completely on this.

I don't know what I'm supposed to do to get past the final explode_bomb.

My nodes look like this:

Node1: 0x55555575830, 0x19e = 414

Node2: 0x555555758240, 0x1da = 474

Node3: 0x555555758250, 0x26c = 620

Node4: 0x555555758260, 0x16d = 365

Node5: 0x555555758270, 0x341 = 833

Node6: 0x555555758110, 0x9c = 156

I've tried "5 3 2 1 4 6", "5 4 3 2 1 6", "5 6 3 2 1 4", many others that weren't correct.

I chose 5 to start with because it equals the biggest number and it seems to get me the farthest down the code.

Here's my assembly code:

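; phase_6 -- radare2 disassembly, x86-64, Intel operand order (dst, src).
; The `sym.phase_6+0x..` cross-references below place the entry at 0x1561.
;
; Stack frame (0x60 bytes under the five saved registers), as used below:
;   [rsp+0x00 .. rsp+0x17]  six 32-bit values filled in by read_six_numbers
;   [rsp+0x20 .. rsp+0x4f]  six 8-byte node pointers; shown as var_20h..var_48h,
;                           presumably rsp-relative (matches the store at 0x1605)
;   var_58h                 copy of the stack-protector canary from fs:[0x28]
;
; Node layout implied by the accesses: dword value at +0, next pointer at +8.
;
; Stages:
;   1. 0x1588-0x15d4  every value v must satisfy 1 <= v <= 6 and be unique
;   2. 0x15d6-0x15f1  every value is overwritten with 7 - v
;   3. 0x15f3-0x1628  each transformed value k selects the k-th node from node1
;   4. 0x162a-0x165c  the six selected nodes are relinked in that order
;   5. 0x1664-0x1683  each node value must be >= the next one (signed compare)
;   6. 0x1685-0x16a2  canary check and return

0x00001561      push    r14
0x00001563      push    r13
0x00001565      push    r12
0x00001567      push    rbp
0x00001568      push    rbx
0x00001569      sub     rsp, 0x60
0x0000156d      mov     rax, qword fs:[0x28]            ; load stack canary
0x00001576      mov     qword [var_58h], rax            ; keep it in the frame for the exit check
0x0000157b      xor     eax, eax
0x0000157d      mov     r13, rsp                        ; r13 = &nums[0]
0x00001580      mov     rsi, r13   ; int64_t arg2       ; output buffer; rdi is not written here, so the
                                                        ; callee receives phase_6's own first argument
0x00001583      call    read_six_numbers ; sym.read_six_numbers

; --- Stage 1: range and uniqueness check --------------------------------
; r14d = outer index i, r13/rbp = &nums[i], ebx = inner index j (i+1 .. 5)
0x00001588      mov     r12, r13                        ; r12 = &nums[0], reused by stage 2
0x0000158b      mov     r14d, 0                         ; i = 0
0x00001591      jmp     0x15b8                          ; unconditional: enter the loop at the range check
0x00001593      call    explode_bomb ; sym.explode_bomb ; reached when nums[i] is outside 1..6
0x00001598      jmp     0x15c7     ; sym.phase_6+0x66   ; only matters if explode_bomb returns
0x0000159a      add     ebx, 1                          ; j++
0x0000159d      cmp     ebx, 5
0x000015a0      jg      0x15b4                          ; j > 5: nums[i] compared with all later values

0x000015a2      movsxd  rax, ebx                        ; inner loop entry
0x000015a5      mov     eax, dword [rsp + rax*4]        ; eax = nums[j]
0x000015a8      cmp     dword [rbp], eax                ; nums[i] == nums[j] ?
0x000015ab      jne     0x159a                          ; different: try next j
0x000015ad      call    explode_bomb ; sym.explode_bomb ; duplicate value
0x000015b2      jmp     0x159a     ; sym.phase_6+0x39

0x000015b4      add     r13, 4                          ; advance to nums[i+1]
0x000015b8      mov     rbp, r13                        ; rbp = &nums[i]
0x000015bb      mov     eax, dword [r13]
0x000015bf      sub     eax, 1
0x000015c2      cmp     eax, 5
0x000015c5      ja      0x1593                          ; unsigned (v-1) > 5 rejects v <= 0 and v >= 7
0x000015c7      add     r14d, 1                         ; i++
0x000015cb      cmp     r14d, 6
0x000015cf      je      0x15d6                          ; all six values checked
0x000015d1      mov     ebx, r14d                       ; j = i (already incremented, so j = old i + 1)
0x000015d4      jmp     0x15a2

; --- Stage 2: nums[i] = 7 - nums[i] -------------------------------------
; Every later stage works on these transformed values, not on the typed ones.
0x000015d6      lea     rcx, [r12 + 0x18]               ; rcx = &nums[6], end marker (6 * 4 bytes)
0x000015db      mov     edx, 7
0x000015e0      mov     eax, edx
0x000015e2      sub     eax, dword [r12]                ; eax = 7 - nums[i]
0x000015e6      mov     dword [r12], eax                ; written back in place
0x000015ea      add     r12, 4
0x000015ee      cmp     rcx, r12
0x000015f1      jne     0x15e0

; --- Stage 3: map each transformed value to a node pointer --------------
; rsi = slot index, ecx = nums[rsi], eax = position counter, rdx = current node
0x000015f3      mov     esi, 0
0x000015f8      jmp     0x1614
0x000015fa      mov     rdx, qword [rdx + 8]            ; rdx = rdx->next
0x000015fe      add     eax, 1
0x00001601      cmp     eax, ecx
0x00001603      jne     0x15fa                          ; keep walking until position == nums[rsi]
0x00001605      mov     qword [rsp + rsi*8 + 0x20], rdx ; ptrs[rsi] = selected node
0x0000160a      add     rsi, 1
0x0000160e      cmp     rsi, 6
0x00001612      je      0x162a                          ; six pointers stored
0x00001614      mov     ecx, dword [rsp + rsi*4]        ; ecx = nums[rsi] (already 7 - v)
0x00001617      mov     eax, 1                          ; position 1 ...
0x0000161c      lea     rdx, node1 ; 0x204230           ; ... is node1; every lookup restarts here
0x00001623      cmp     ecx, 1
0x00001626      jg      0x15fa                          ; value > 1: walk value-1 links
0x00001628      jmp     0x1605                          ; value == 1: node1 itself

; --- Stage 4: relink the nodes in ptrs[] order --------------------------
; ptrs[k]->next = ptrs[k+1] for k = 0..4, then ptrs[5]->next = NULL
0x0000162a      mov     rbx, qword [var_20h]            ; rbx = ptrs[0], new list head
0x0000162f      mov     rax, qword [var_28h]
0x00001634      mov     qword [rbx + 8], rax            ; ptrs[0]->next = ptrs[1]
0x00001638      mov     rdx, qword [var_30h]
0x0000163d      mov     qword [rax + 8], rdx            ; ptrs[1]->next = ptrs[2]
0x00001641      mov     rax, qword [var_38h]
0x00001646      mov     qword [rdx + 8], rax            ; ptrs[2]->next = ptrs[3]
0x0000164a      mov     rdx, qword [var_40h]
0x0000164f      mov     qword [rax + 8], rdx            ; ptrs[3]->next = ptrs[4]
0x00001653      mov     rax, qword [var_48h]
0x00001658      mov     qword [rdx + 8], rax            ; ptrs[4]->next = ptrs[5]
0x0000165c      mov     qword [rax + 8], 0              ; ptrs[5]->next = NULL
0x00001664      mov     ebp, 5                          ; five adjacent pairs to compare
0x00001669      jmp     0x1674

; --- Stage 5: ordering check over the relinked list ---------------------
0x0000166b      mov     rbx, qword [rbx + 8]            ; rbx = rbx->next
0x0000166f      sub     ebp, 1
0x00001672      je      0x1685                          ; all five pairs passed
0x00001674      mov     rax, qword [rbx + 8]            ; rax = rbx->next
0x00001678      mov     eax, dword [rax]                ; eax = next->value (the post printed `[tax]`; rax is
                                                        ; the register loaded on the previous line)
0x0000167a      cmp     dword [rbx], eax
0x0000167c      jge     0x166b                          ; pass only if current value >= next value
0x0000167e      call    explode_bomb ; sym.explode_bomb ; asker reports ending up here on every attempt
0x00001683      jmp     0x166b     ; sym.phase_6+0x10a

; --- Stage 6: stack-protector check and return --------------------------
0x00001685      mov     rax, qword [var_58h]
0x0000168a      xor     rax, qword fs:[0x28]            ; zero only if the saved canary is unchanged
0x00001693      jne     0x16a2
0x00001695      add     rsp, 0x60
0x00001699      pop     rbx
0x0000169a      pop     rbp
0x0000169b      pop     r12
0x0000169d      pop     r13
0x0000169f      pop     r14
0x000016a1      ret
0x000016a2      call    __stack_chk_fail ; sym.imp.__stack_chk_fail ; void __stack_chk_fail(void)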
c
assembly
cs50
asked on Stack Overflow Oct 15, 2020 by Brooke



User contributions licensed under CC BY-SA 3.0