Alright, let’s do this.
Let’s start by using objdump to disassemble the binary. The command
objdump -d ./bomb > output.txt
will place the resulting disassembly into a file by the name of output.txt.
Using the symbols as a guide, our initial analysis leads us to the
Phase one is fairly straightforward. We can tell from the assembly that
the bomb is comparing user input against a predetermined string, and
blowing up if the two strings are unequal. The important part is on the
fourth line, where the immediate operand of the movl instruction is the memory
address of the predetermined string. We turn to GDB to view the
contents of memory at that address.
After starting the bomb inside GDB, we can set a breakpoint at
phase_1 using the command break phase_1. We then run the program,
entering an arbitrary test string when prompted for input. Once we reach
the breakpoint, we can execute the command disas to view the disassembly
of the current function; GDB marks the instruction next up for execution.
Note that the memory address of interest is at offset +6 into phase_1.
We view the string at this location with GDB's x/s command, passing that
address, as follows.
That was easy! The string is right there in plain sight. Phase one is now complete. Let's move on to phase two, where things start to become nontrivial.
Sidenote: the string we found is a quote attributed to former Vice-President Dan Quayle.
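The same lookup can be done without GDB, by reading the string straight out of the binary's .rodata section. The following Python script is an added example, not part of the original write-up or of the lab materials: it parses objdump -d output for phase_1 to find the immediate loaded into an argument register right before the call to strings_not_equal, then resolves that address against the output of objdump -s -j .rodata ./bomb. Both inputs are constructed samples embedded in the script; the addresses, instruction bytes and passphrase are invented and correspond to no real bomb, and the x86-64 AT&T syntax that objdump prints by default is assumed.

```python
"""Recover a compared-against string statically from objdump text.

Added example (not from the original write-up). Inputs are constructed
samples; every address, byte and string below is invented.
"""
import re
from typing import Dict, Optional, Tuple

# Constructed sample of `objdump -d ./bomb` for phase_1 (x86-64, AT&T syntax).
DISAS = """\
0000000000400ee0 <phase_1>:
  400ee0:  48 83 ec 08             sub    $0x8,%rsp
  400ee4:  be 00 24 40 00          mov    $0x402400,%esi
  400ee9:  e8 4a 04 00 00          call   401338 <strings_not_equal>
  400eee:  85 c0                   test   %eax,%eax
  400ef0:  74 05                   je     400ef7 <phase_1+0x17>
  400ef2:  e8 43 05 00 00          call   40143a <explode_bomb>
  400ef7:  48 83 c4 08             add    $0x8,%rsp
  400efb:  c3                      ret
"""

# Constructed sample of `objdump -s -j .rodata ./bomb`: address, up to four
# 4-byte groups in memory order, then an ASCII rendering of the same bytes.
RODATA = """\
Contents of section .rodata:
 402400 53616d70 6c652070 68726173 6520666f  Sample phrase fo
 402410 72207068 61736520 6f6e652e 00000000  r phase one.....
 402420 4e6f7420 74686520 6f6e652e 00        Not the one..
"""

FUNC_HDR = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
# Immediate moved into one of the System V integer argument registers.
MOV_IMM = re.compile(r"\bmov[lq]?\s+\$0x([0-9a-f]+),(%[er](?:di|si|dx|cx))")
# Address followed by 1..4 hex groups; the ASCII column is ignored.
DUMP_LINE = re.compile(r"^\s*([0-9a-f]+)\s+((?:[0-9a-f]{2,8}\s){1,4})")


def parse_section_dump(dump: str) -> Dict[int, int]:
    """Turn `objdump -s` text into an address -> byte map."""
    mem: Dict[int, int] = {}
    for line in dump.splitlines():
        m = DUMP_LINE.match(line)
        if not m:
            continue  # e.g. the "Contents of section" header
        addr = int(m.group(1), 16)
        for group in m.group(2).split():
            for i in range(0, len(group), 2):  # bytes are in memory order
                mem[addr] = int(group[i:i + 2], 16)
                addr += 1
    return mem


def read_cstring(mem: Dict[int, int], addr: int) -> Optional[str]:
    """NUL-terminated string at addr, or None if addr is outside the dump.
    An unmapped byte also terminates the string, so a bad address cannot
    make the loop run off the end of the section."""
    if addr not in mem:
        return None
    out = bytearray()
    while mem.get(addr, 0) != 0:
        out.append(mem[addr])
        addr += 1
    return out.decode("ascii", errors="replace")


def immediates_before_call(disas: str, func: str, callee: str) -> Dict[str, int]:
    """Within `func`, the last immediate loaded into each argument register
    before the first call to `callee`. Empty if no such call exists."""
    in_func = False
    imms: Dict[str, int] = {}
    for line in disas.splitlines():
        hdr = FUNC_HDR.match(line.strip())
        if hdr:
            in_func = hdr.group(1) == func
            continue
        if not in_func:
            continue
        if f"<{callee}>" in line and re.search(r"\bcallq?\b", line):
            return imms
        m = MOV_IMM.search(line)
        if m:
            imms[m.group(2)] = int(m.group(1), 16)
    return {}


def recover_compared_strings(disas: str, dump: str, func: str = "phase_1",
                             callee: str = "strings_not_equal") -> Dict[str, Tuple[int, str]]:
    """Map each argument register to (address, string) for immediates that
    point at a string inside the dumped section."""
    mem = parse_section_dump(dump)
    found: Dict[str, Tuple[int, str]] = {}
    for reg, addr in immediates_before_call(disas, func, callee).items():
        s = read_cstring(mem, addr)
        if s is not None:
            found[reg] = (addr, s)
    return found


if __name__ == "__main__":
    for reg, (addr, s) in recover_compared_strings(DISAS, RODATA).items():
        print(f"{reg} <- {addr:#x}: {s!r}")
```

Only %esi resolves here: the user's string arrives in %rdi from the caller, so no immediate is loaded into it, which is exactly why the mov into %esi is the line to look at. On a real binary, feed the script the output of objdump -d and objdump -s -j .rodata instead of the embedded samples.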
Click here for Phase II