The binary bomb is this reverse engineering exercise written by these two dudes at CMU who basically wrote the bible on computer architecture (seriously, what a fantastic book): Randal Bryant and David O’Hallaron. You can find the bomb here.
I had to complete the lab as part of a course but I learned enough along the way that I figured I’d write up the steps I took to solve it.
The binary was compiled on a 32-bit machine, so you’ll need access to a 32-bit processor to run it (or enable multilib if you’re on Linux; not sure how this works in Windows land). Otherwise, you can always say screw it and install a 32-bit Ubuntu image using VirtualBox.
How it works
The idea is pretty simple: the bomb is the resulting binary of an intentionally obfuscated program originally written in C. It has a sequence of six phases, each of which expects the input of a specific string via stdin. If the string is correct, the phase is "defused", at which point we’re allowed to move on to the next phase. Otherwise, the bomb "explodes" (outputs "BOOM!!!" to stdout) - scary stuff. Every time the bomb explodes, we have to restart from the initial phase.
The goal is to get through all 6 phases without an explosion.
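To make that control flow concrete, here is a toy model of the bomb's structure in C. It is an added example, not the lab's bomb.c, and the phase answers in it are constructed; the real bomb's answers live inside its compiled comparison code and differ per copy. Recognizing this read-a-line-then-check-it loop in the disassembly is the starting point for every phase.

```c
#include <stdio.h>
#include <string.h>
#define NUM_PHASES 6

/* Constructed answers for this toy model only; the real bomb hides its
   answers inside compiled comparison code, and they differ per copy. */
static const char *const expected[NUM_PHASES] = {
    "constructed answer one", "1 2 3 4 5 6", "7 8",
    "constructed answer four", "9 10", "constructed answer six"
};

/* Feeds lines to the phases in order. Returns the number of phases
   defused before the first explosion, or NUM_PHASES if all six passed.
   Anything below NUM_PHASES means "BOOM!!!" and a restart from phase 1. */
int run_bomb(const char *const lines[], int count) {
    int defused = 0;
    for (int i = 0; i < NUM_PHASES; i++) {
        /* a missing line or a wrong line both trigger the explosion */
        if (i >= count || strcmp(lines[i], expected[i]) != 0) {
            printf("BOOM!!!\n");
            return defused;
        }
        printf("Phase %d defused. How about the next one?\n", i + 1);
        defused++;
    }
    printf("Congratulations! You've defused the bomb!\n");
    return defused;
}

/* Fixed run for checking: the first n_correct lines are right, the next is wrong. */
int demo(int n_correct) {
    const char *lines[NUM_PHASES + 1];
    int n = 0;
    for (; n < n_correct && n < NUM_PHASES; n++) lines[n] = expected[n];
    lines[n++] = "constructed wrong answer";
    return run_bomb(lines, n);
}

/* Stand-alone driver: one line per phase from stdin, as the real bomb expects. */
int main(void) {
    char buf[NUM_PHASES][128];
    const char *lines[NUM_PHASES];
    int n = 0;
    while (n < NUM_PHASES && fgets(buf[n], sizeof buf[n], stdin)) {
        buf[n][strcspn(buf[n], "\n")] = '\0';   /* drop the trailing newline */
        lines[n] = buf[n];
        n++;
    }
    return run_bomb(lines, n) == NUM_PHASES ? 0 : 1;
}
```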
I’ll be using Linux here (obviously), along with some basic GNU tools you can find on any distro.
Here’s a list:
- The GNU Debugger (GDB)
Click here for Phase I