Binary Bomb Phase 4 - recursive function of 2 integers


I am having a very difficult time tracing the assembly code for the following binary bomb (a school assignment in which a bomb must be defused; this bomb contains 6 phases, each of which has one correct input to proceed to the next phase). I am currently on phase_4, which calls a recursive function named func4. I have identified that the input format is "%d %d", i.e. two integers. However, I cannot quite figure out what func4 is doing, even after inspecting all registers at every step.

Dump of Phase4:


 Dump of assembler code for function phase_4:
    # void phase_4(const char *input)  -- AT&T syntax, SysV AMD64.
    # input arrives in %rdi from the caller and is not modified here.
    # Parses two ints a = [rsp+0x8], b = [rsp+0xc] with sscanf, requires
    # (b - 2) <= 2 as an UNSIGNED compare, then requires func4(5, b) == a.
    # Any failed check calls explode_bomb.
    0x0000000000401016 <+0>:     sub    $0x18,%rsp                  # 24-byte frame; rsp is 16-aligned at the calls below
    0x000000000040101a <+4>:     lea    0xc(%rsp),%rcx              # 4th sscanf arg: &b
    0x000000000040101f <+9>:     lea    0x8(%rsp),%rdx              # 3rd sscanf arg: &a
    0x0000000000401024 <+14>:    mov    $0x4027cd,%esi              # 2nd arg: format string (per the question, "%d %d")
    0x0000000000401029 <+19>:    mov    $0x0,%eax                   # variadic call: zero vector-register args
    0x000000000040102e <+24>:    callq  0x400c30 <__isoc99_sscanf@plt>   # eax = number of successful conversions
    0x0000000000401033 <+29>:    cmp    $0x2,%eax
    0x0000000000401036 <+32>:    jne    0x401044 <phase_4+46>       # not exactly 2 ints parsed -> explode
    0x0000000000401038 <+34>:    mov    0xc(%rsp),%eax              # eax = b
    0x000000000040103c <+38>:    sub    $0x2,%eax                   # eax = b - 2
    0x000000000040103f <+41>:    cmp    $0x2,%eax
    0x0000000000401042 <+44>:    jbe    0x401049 <phase_4+51>       # unsigned: passes only if (b - 2) in [0, 2], i.e. b in {2, 3, 4}; negative b wraps and fails
    0x0000000000401044 <+46>:    callq  0x401554 <explode_bomb>     # presumably does not return
    0x0000000000401049 <+51>:    mov    0xc(%rsp),%esi              # 2nd arg to func4: b
    0x000000000040104d <+55>:    mov    $0x5,%edi                   # 1st arg to func4: constant 5
 => 0x0000000000401052 <+60>:    callq  0x400fde <func4>            # eax = func4(5, b)
    0x0000000000401057 <+65>:    cmp    0x8(%rsp),%eax              # compare result against a
    0x000000000040105b <+69>:    je     0x401062 <phase_4+76>       # equal -> phase passed
    0x000000000040105d <+71>:    callq  0x401554 <explode_bomb>
    0x0000000000401062 <+76>:    add    $0x18,%rsp                  # release frame
    0x0000000000401066 <+80>:    retq
 End of assembler dump.

Dump of func4:


 Dump of assembler code for function func4:
    # int func4(int n /* edi */, int x /* esi */)  -- AT&T syntax, SysV AMD64.
    # Returns 0 if n <= 0 (signed), x if n == 1,
    # otherwise func4(n-1, x) + x + func4(n-2, x).
    # Callee-saved rbx/rbp/r12 hold n, x and the partial sum across the
    # recursive calls; the three pushes also keep rsp 16-aligned at those calls.
 => 0x0000000000400fde <+0>:     push   %r12                        # save callee-saved regs used below
    0x0000000000400fe0 <+2>:     push   %rbp
    0x0000000000400fe1 <+3>:     push   %rbx
    0x0000000000400fe2 <+4>:     mov    %edi,%ebx                   # ebx = n (survives the calls)
    0x0000000000400fe4 <+6>:     test   %edi,%edi
    0x0000000000400fe6 <+8>:     jle    0x40100c <func4+46>         # n <= 0 (signed) -> return 0
    0x0000000000400fe8 <+10>:    mov    %esi,%ebp                   # ebp = x (survives the calls)
    0x0000000000400fea <+12>:    mov    %esi,%eax                   # eax = x: the result for n == 1
    0x0000000000400fec <+14>:    cmp    $0x1,%edi
    0x0000000000400fef <+17>:    je     0x401011 <func4+51>         # n == 1 -> return x
    0x0000000000400ff1 <+19>:    lea    -0x1(%rdi),%edi             # edi = n - 1 (esi is still x here)
    0x0000000000400ff4 <+22>:    callq  0x400fde <func4>            # eax = func4(n-1, x)
    0x0000000000400ff9 <+27>:    lea    (%rax,%rbp,1),%r12d         # r12d = func4(n-1, x) + x
    0x0000000000400ffd <+31>:    lea    -0x2(%rbx),%edi             # edi = n - 2
    0x0000000000401000 <+34>:    mov    %ebp,%esi                   # esi = x again (esi is caller-saved, may be clobbered by the call)
    0x0000000000401002 <+36>:    callq  0x400fde <func4>            # eax = func4(n-2, x)
    0x0000000000401007 <+41>:    add    %r12d,%eax                  # eax = func4(n-1, x) + x + func4(n-2, x)
    0x000000000040100a <+44>:    jmp    0x401011 <func4+51>
    0x000000000040100c <+46>:    mov    $0x0,%eax                   # return 0 for n <= 0
    0x0000000000401011 <+51>:    pop    %rbx                        # restore callee-saved regs in reverse order
    0x0000000000401012 <+52>:    pop    %rbp
    0x0000000000401013 <+53>:    pop    %r12
    0x0000000000401015 <+55>:    retq
 End of assembler dump.

