Bomb Lab Phase 2 Explanation


I'm new to assembly, I'm doing this bomb lab, and I'm stuck at 0x0000555555555612 <+71>. My input is 0 1 1 11 1 11.

   0x00005555555555cb <+0>:     endbr64 
   0x00005555555555cf <+4>:     push   %rbp
   0x00005555555555d0 <+5>:     push   %rbx
   0x00005555555555d1 <+6>:     sub    $0x28,%rsp
   0x00005555555555d5 <+10>:    mov    %fs:0x28,%rax
   0x00005555555555de <+19>:    mov    %rax,0x18(%rsp)
   0x00005555555555e3 <+24>:    xor    %eax,%eax
   0x00005555555555e5 <+26>:    mov    %rsp,%rsi
   0x00005555555555e8 <+29>:    callq  0x555555555bd6 <read_six_numbers>
   0x00005555555555ed <+34>:    cmpl   $0x0,(%rsp)
   0x00005555555555f1 <+38>:    jne    0x5555555555fa <phase_2+47>
   0x00005555555555f3 <+40>:    cmpl   $0x1,0x4(%rsp)
   0x00005555555555f8 <+45>:    je     0x5555555555ff <phase_2+52>
   0x00005555555555fa <+47>:    callq  0x555555555baa <explode_bomb>
   0x00005555555555ff <+52>:    mov    %rsp,%rbx
   0x0000555555555602 <+55>:    lea    0x10(%rsp),%rbp
   0x0000555555555607 <+60>:    jmp    0x555555555617 <phase_2+76>
   0x0000555555555609 <+62>:    callq  0x555555555baa <explode_bomb>
   0x000055555555560e <+67>:    add    $0x4,%rbx
=> 0x0000555555555612 <+71>:    cmp    %rbp,%rbx
   0x0000555555555615 <+74>:    je     0x555555555623 <phase_2+88>
   0x0000555555555617 <+76>:    mov    0x4(%rbx),%eax
   0x000055555555561a <+79>:    add    (%rbx),%eax
   0x000055555555561c <+81>:    cmp    %eax,0x8(%rbx)
   0x000055555555561f <+84>:    je     0x55555555560e <phase_2+67>
   0x0000555555555621 <+86>:    jmp    0x555555555609 <phase_2+62>
   0x0000555555555623 <+88>:    mov    0x18(%rsp),%rax
   0x0000555555555628 <+93>:    xor    %fs:0x28,%rax
   0x0000555555555631 <+102>:   jne    0x55555555563a <phase_2+111>
   0x0000555555555633 <+104>:   add    $0x28,%rsp
   0x0000555555555637 <+108>:   pop    %rbx
   0x0000555555555638 <+109>:   pop    %rbp
   0x0000555555555639 <+110>:   retq   
   0x000055555555563a <+111>:   callq  0x555555555220 <__stack_chk_fail@plt>

According to my understanding, 0x0000555555555612 <+71> compares %rbx and %rbp and, if they are equal, it jumps to 0x0000555555555623 <+88>. I have checked the values of rbx and rbp:

   (gdb) x/d $rbp
   0x7fffffffd100: 1
   (gdb) ni
   0x0000555555555615 in phase_2 ()
   (gdb) ni
   0x0000555555555617 in phase_2 ()
   (gdb) x/d $rbx
   0x7fffffffd0f4: 1

It seems that rbp and rbx are both equal to 1, but then why don't they jump to 0x0000555555555623 <+88>? Any explanation would be appreciated.
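Reading the disassembly in the question as C makes the loop easier to follow. This is an added example, not the lab's source, and the function names are mine. Two details matter for the gdb output above: cmp %rbp,%rbx at <+71> compares the two registers themselves, which hold the addresses 0x7fffffffd0f4 and 0x7fffffffd100 shown in the x/d output, whereas x/d $rbx prints the 4-byte integer stored at that address. Both registers are pointers into the six-number array that read_six_numbers filled at %rsp; %rbp was set to %rsp+0x10, the slot of the fifth number, and the loop ends only when %rbx has advanced to that slot.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: a C model of the phase_2 disassembly in the question.
 * explode_bomb is modelled as "return false". */
bool phase_2_passes(const int32_t nums[6])
{
    /* <+34>..<+45>: (%rsp) must be 0 and 0x4(%rsp) must be 1, else explode */
    if (nums[0] != 0 || nums[1] != 1)
        return false;

    /* <+52>: %rbx = %rsp         (address of nums[0])
     * <+55>: %rbp = %rsp + 0x10  (address of nums[4]: four 4-byte ints) */
    const int32_t *rbx = &nums[0];
    const int32_t *rbp = &nums[4];

    /* <+60>: jmp straight into the loop body at <+76> */
    for (;;) {
        /* <+76>..<+81>: %eax = rbx[1] + rbx[0], compared with rbx[2] */
        int32_t eax = rbx[1] + rbx[0];
        if (rbx[2] != eax)
            return false;      /* <+86> -> <+62>: explode_bomb */
        rbx += 1;              /* <+67>: add $0x4,%rbx, i.e. next int */
        /* <+71>/<+74>: compares the two POINTERS, not the ints they address */
        if (rbx == rbp)
            return true;       /* <+88>: stack-protector check, then ret */
    }
}

/* Wrapper so an input can be tried without building an array first. */
bool phase_2_accepts(int32_t a, int32_t b, int32_t c,
                     int32_t d, int32_t e, int32_t f)
{
    const int32_t nums[6] = { a, b, c, d, e, f };
    return phase_2_passes(nums);
}

/* The checks pin down every element: nums[0]=0, nums[1]=1, and then
 * nums[i] = nums[i-1] + nums[i-2] for i = 2..5, so exactly one six-number
 * input passes. Returns the last element for convenience. */
int32_t phase_2_solution(int32_t out[6])
{
    out[0] = 0;
    out[1] = 1;
    for (int i = 2; i < 6; i++)
        out[i] = out[i - 1] + out[i - 2];
    return out[5];
}

int main(void)
{
    int32_t sol[6];
    phase_2_solution(sol);
    printf("input 0 1 1 11 1 11 passes: %s\n",
           phase_2_accepts(0, 1, 1, 11, 1, 11) ? "yes" : "no");
    printf("passing input:");
    for (int i = 0; i < 6; i++)
        printf(" %d", sol[i]);
    printf("\n");
    return 0;
}
```

With the question's input the first iteration succeeds (1 == 0 + 1), %rbx advances to the second number, and the next pass fails on the fourth number (11 != 1 + 1), which is why the jump at <+74> is not taken on the first visit and why explode_bomb is reached shortly after.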

1 answer

Amelia M

LINKED LIST SOLUTION. The last bomb is usually a linked list. You have to enter 6 numbers 1 2 3 4 5 6. You have to figure out the input order of the numbers. You need to discover the linked list by examining registers; type x/80xw $reg when the code has a node in a register. The list includes a documented node name, e.g. node_1, a value and a pointer. The pointer is not significant. The values have to be sorted, typically largest to smallest. Then the number inputs are the node numbers, in order. Perhaps the decreasing (increasing?) node order is 1 4 3 5 6 2. Typically this is the input, but I have seen bombs that require the complement of these numbers as input (complement by subtracting the number from 7). The input would then be 6 3 4 2 1 5.

There are lots of loops in the beginning making sure your inputs are the six numbers 1 2 3 4 5 6, with no duplicates. The final loop checks the order. This loop is near the bottom; there will be a conditional compare that ensures the values of the nodes you entered are ordered either increasing or decreasing, and another conditional jump to loop 5 times for each of the compares. You need to find the node comparison and set a break point. Get brave and type c to continue to this break point. It's too much code to step through.

You will not explode a bomb in the first half of the code if you include the numbers 1 2 3 4 5 6 in any order (no duplicates). The last part of the code makes sure the numbers are in the correct order. Examine registers; perhaps the gdb command x/20xw $reg will work. When you find the memory that holds the nodes there will be lots of extra info, including <node_n>. You are trying to discover the node value, an integer. It is this value that defines the node (number 1-6) order.

Often, when you discover the linked list, node_6 is missing. I have discovered node_6 by examining values at the order compare. You might also discover node_6 by reviewing the pointers in the linked list.
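To make the ordering procedure in the answer concrete, here is an added C model; it is not the lab's own code and the node values, node layout and function names are constructed by me. The values are chosen so that the largest-to-smallest order comes out as the answer's 1 4 3 5 6 2, and the 7-minus-n complement as 6 3 4 2 1 5. In the real bomb you read each node's value and next pointer from memory with x/...xw instead of building them here, and you check in the disassembly whether the final compare wants increasing or decreasing values.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed node layout: a value, the node's number, and a next pointer.
 * The next pointer is what links node_n to the following node in memory;
 * as the answer says, it plays no part in the required order. */
struct node {
    int32_t value;
    int32_t id;          /* node_n: the number you actually type */
    struct node *next;
};

/* Constructed list node_1 .. node_6 (values are made up for this example). */
static struct node nodes[6] = {
    { 600, 1, &nodes[1] },
    { 100, 2, &nodes[2] },
    { 400, 3, &nodes[3] },
    { 500, 4, &nodes[4] },
    { 300, 5, &nodes[5] },
    { 200, 6, NULL },
};

/* Follow the next pointers from head and count the nodes (capped at 6). */
int walk_length(const struct node *head)
{
    int n = 0;
    for (const struct node *p = head; p != NULL && n < 6; p = p->next)
        n++;
    return n;
}

/* Selection-sort the six nodes by value and emit their ids in that order.
 * descending != 0 gives largest-to-smallest, the usual case per the answer. */
void order_by_value(const struct node list[6], int descending, int32_t out[6])
{
    int idx[6];
    for (int i = 0; i < 6; i++)
        idx[i] = i;
    for (int i = 0; i < 6; i++) {
        int best = i;
        for (int j = i + 1; j < 6; j++) {
            int32_t a = list[idx[j]].value, b = list[idx[best]].value;
            if (descending ? a > b : a < b)
                best = j;
        }
        int t = idx[i]; idx[i] = idx[best]; idx[best] = t;
    }
    for (int i = 0; i < 6; i++)
        out[i] = list[idx[i]].id;
}

/* The n-th (0-based) node id in sorted order, for the constructed list. */
int32_t nth_by_value(int n, int descending)
{
    int32_t out[6];
    order_by_value(nodes, descending, out);
    return out[n];
}

/* The complement the answer mentions: subtract the node number from 7. */
int32_t complement_of(int32_t n)
{
    return 7 - n;
}

int main(void)
{
    int32_t order[6];
    order_by_value(nodes, 1, order);
    printf("largest-to-smallest node order:");
    for (int i = 0; i < 6; i++)
        printf(" %d", order[i]);
    printf("\ncomplement (7 - n):              ");
    for (int i = 0; i < 6; i++)
        printf(" %d", complement_of(order[i]));
    printf("\n");
    return 0;
}
```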