The Binary Bomb Project- Part 2
Taha Azzaoui - 2017.12.25
We begin by noting that one can avoid tediously entering the password for each preceding phase, by placing each password on a separate line in a txt file and invoking the bomb with the path to that file as a command line argument.
Let’s fire up the bomb inside of GDB and set a break point at
phase_2. We can run the program with
our file of passwords and enter an arbitrary test string when prompted for input. Similar to our method of approach
in phase one, we can then run
disas once we reach the break-point to view the next instruction up for
read_six_numbers is a dead giveaway. It’s probably not too much of a stretch to assume
that this function...well...reads six numbers! After reading six numbers, the function enters some type of loop
which starts by storing the first number we entered in the register
+32, then adds
5 to it at
+35 and compares that sum to the value of the next number entered at
bomb explodes if these two numbers are not equal. Otherwise, it jumps to the update section of the loop at
+47 where it queues up the next element in our input list and uses it to repeat the same tests.
This roughly translates to the following:
Let’s test this out by entering the sequence 5 10 15 20 25 30 as our input. Sure enough this solution works, and with that we’re on to phase three!
Click here for Phase III