二进制炸弹phase_6

时间:2018-11-01 21:21:04

标签: assembly gdb x86-64 reverse-engineering

我正在做经典的 Binary Bomb(二进制炸弹)实验,已经顺利通过前面几关进入了第 6 关,但我似乎没有弄清这里发生了什么。我猜它用的是链表?我知道输入必须是 6 个数字,每个数字都在 1–6 之间,并且不能重复。到目前为止,我已经找到了所有节点的值:节点1:91,节点2:315,节点3:456,节点4:225,节点5:727,节点6:716。

对于大多数人来说,要求的序列要么是升序要么是降序,但我似乎无法用这个思路弄清楚。所以我需要帮助的是确定这个炸弹要求输入的顺序。

Dump of assembler code for function phase_6:
   # Reviewer annotation (x86-64, AT&T syntax, SysV ABI). Stack layout after
   # "sub $0x50,%rsp": 0x30(%rsp)..0x47(%rsp) holds the six ints filled in by
   # read_six_numbers ("nums" below); 0x0(%rsp)..0x2f(%rsp) later holds six
   # 8-byte node pointers ("ptr" below). Node layout is inferred only from
   # the accesses in this dump: a 4-byte value at offset 0 (mov (%rax),%eax)
   # and an 8-byte next pointer at offset 8 (mov 0x8(%rdx),%rdx); the list
   # head lives at 0x6042f0.
   #
   # The function runs four stages: (1) each input is range-checked to 1..6
   # and checked against all later inputs for duplicates; (2) every input x
   # is replaced by 7-x; (3) the k-th transformed value selects the k-th
   # node of the list (1-based, walking next pointers from the head) and the
   # nodes are relinked in that order; (4) the relinked list must have
   # non-increasing node values (signed compare), otherwise explode_bomb.
   #
   # Consequence for the input: the required order is "7 minus the node
   # index", listed in descending order of node value. Using the node values
   # reported in the question (node5=727, node6=716, node3=456, node2=315,
   # node4=225, node1=91 — assumed correct, verify them in the binary) the
   # index order would be 5 6 3 2 4 1, i.e. input 2 1 4 5 3 6.
   #
   # prologue: save callee-saved registers, reserve 0x50 bytes of locals.
   0x00000000004010df <+0>: push   %r14
   0x00000000004010e1 <+2>: push   %r13
   0x00000000004010e3 <+4>: push   %r12
   0x00000000004010e5 <+6>: push   %rbp
   0x00000000004010e6 <+7>: push   %rbx
   0x00000000004010e7 <+8>: sub    $0x50,%rsp
   # r13 = &nums[0], passed as the 2nd argument (rsi) to read_six_numbers.
   # rdi (presumably the input string) is whatever the caller left in it —
   # not visible in this dump.
   0x00000000004010eb <+12>:    lea    0x30(%rsp),%r13
   0x00000000004010f0 <+17>:    mov    %r13,%rsi
   0x00000000004010f3 <+20>:    callq  0x4015aa <read_six_numbers>
   # r14 = &nums[0] kept for stage 2; r12d = i = 0.
   0x00000000004010f8 <+25>:    mov    %r13,%r14
   0x00000000004010fb <+28>:    mov    $0x0,%r12d
   # outer loop head (stage 1): rbp = &nums[i].
   0x0000000000401101 <+34>:    mov    %r13,%rbp
   # range check: (unsigned)(nums[i] - 1) <= 5  <=>  1 <= nums[i] <= 6.
   # The unsigned jbe makes 0 and negative values wrap to large numbers and
   # fall into explode_bomb as well.
   0x0000000000401104 <+37>:    mov    0x0(%r13),%eax
   0x0000000000401108 <+41>:    sub    $0x1,%eax
   0x000000000040110b <+44>:    cmp    $0x5,%eax
   0x000000000040110e <+47>:    jbe    0x401115 <phase_6+54>
   0x0000000000401110 <+49>:    callq  0x401574 <explode_bomb>
   # i++; once all six are checked, continue at <+98> (stage 2).
   0x0000000000401115 <+54>:    add    $0x1,%r12d
   0x0000000000401119 <+58>:    cmp    $0x6,%r12d
   0x000000000040111d <+62>:    je     0x401141 <phase_6+98>
   # duplicate check: for j = i+1 .. 5, nums[j] == nums[i] (via rbp) explodes.
   0x000000000040111f <+64>:    mov    %r12d,%ebx
   0x0000000000401122 <+67>:    movslq %ebx,%rax
   0x0000000000401125 <+70>:    mov    0x30(%rsp,%rax,4),%eax
   0x0000000000401129 <+74>:    cmp    %eax,0x0(%rbp)
   0x000000000040112c <+77>:    jne    0x401133 <phase_6+84>
   0x000000000040112e <+79>:    callq  0x401574 <explode_bomb>
   0x0000000000401133 <+84>:    add    $0x1,%ebx
   0x0000000000401136 <+87>:    cmp    $0x5,%ebx
   0x0000000000401139 <+90>:    jle    0x401122 <phase_6+67>
   # advance to nums[i+1] and repeat the outer loop.
   0x000000000040113b <+92>:    add    $0x4,%r13
   0x000000000040113f <+96>:    jmp    0x401101 <phase_6+34>
   # stage 2: rsi = one past the end of nums (0x48); for each element,
   # nums[k] = 7 - nums[k].
   0x0000000000401141 <+98>:    lea    0x48(%rsp),%rsi
   0x0000000000401146 <+103>:   mov    %r14,%rax
   0x0000000000401149 <+106>:   mov    $0x7,%ecx
   0x000000000040114e <+111>:   mov    %ecx,%edx
   0x0000000000401150 <+113>:   sub    (%rax),%edx
   0x0000000000401152 <+115>:   mov    %edx,(%rax)
   0x0000000000401154 <+117>:   add    $0x4,%rax
   0x0000000000401158 <+121>:   cmp    %rsi,%rax
   0x000000000040115b <+124>:   jne    0x40114e <phase_6+111>
   # stage 3: rsi = byte offset into nums (0, 4, ..., 0x14); jump to the
   # loop test at <+165>.
   0x000000000040115d <+126>:   mov    $0x0,%esi
   0x0000000000401162 <+131>:   jmp    0x401184 <phase_6+165>
   # walk: edx = edx->next (offset 8), eax++ until eax == ecx; on exit edx
   # is the ecx-th node counting the head as node 1.
   0x0000000000401164 <+133>:   mov    0x8(%rdx),%rdx
   0x0000000000401168 <+137>:   add    $0x1,%eax
   0x000000000040116b <+140>:   cmp    %ecx,%eax
   0x000000000040116d <+142>:   jne    0x401164 <phase_6+133>
   0x000000000040116f <+144>:   jmp    0x401176 <phase_6+151>
   # value <= 1: take the head node itself.
   0x0000000000401171 <+146>:   mov    $0x6042f0,%edx
   # ptr[rsi/4] = node. (%rsp,%rsi,2) doubles the 4-byte offset into the
   # 8-byte pointer stride; loop until rsi == 0x18 (six entries).
   0x0000000000401176 <+151>:   mov    %rdx,(%rsp,%rsi,2)
   0x000000000040117a <+155>:   add    $0x4,%rsi
   0x000000000040117e <+159>:   cmp    $0x18,%rsi
   0x0000000000401182 <+163>:   je     0x401199 <phase_6+186>
   # loop test: ecx = nums[rsi/4] (already 7-x). If ecx <= 1 use the head,
   # else start the walk at the head with counter eax = 1.
   0x0000000000401184 <+165>:   mov    0x30(%rsp,%rsi,1),%ecx
   0x0000000000401188 <+169>:   cmp    $0x1,%ecx
   0x000000000040118b <+172>:   jle    0x401171 <phase_6+146>
   0x000000000040118d <+174>:   mov    $0x1,%eax
   0x0000000000401192 <+179>:   mov    $0x6042f0,%edx
   0x0000000000401197 <+184>:   jmp    0x401164 <phase_6+133>
   # relink: rbx = ptr[0] (new head); rax walks ptr[1..5]; rsi = &ptr[6]
   # (= 0x30(%rsp)) is the end sentinel. Each iteration: cur->next = ptr[k].
   0x0000000000401199 <+186>:   mov    (%rsp),%rbx
   0x000000000040119d <+190>:   lea    0x8(%rsp),%rax
   0x00000000004011a2 <+195>:   lea    0x30(%rsp),%rsi
---Type <return> to continue, or q <return> to quit---
   0x00000000004011a7 <+200>:   mov    %rbx,%rcx
   0x00000000004011aa <+203>:   mov    (%rax),%rdx
   0x00000000004011ad <+206>:   mov    %rdx,0x8(%rcx)
   0x00000000004011b1 <+210>:   add    $0x8,%rax
   0x00000000004011b5 <+214>:   cmp    %rsi,%rax
   0x00000000004011b8 <+217>:   je     0x4011bf <phase_6+224>
   0x00000000004011ba <+219>:   mov    %rdx,%rcx
   0x00000000004011bd <+222>:   jmp    0x4011aa <phase_6+203>
   # terminate the relinked list: last->next = NULL.
   0x00000000004011bf <+224>:   movq   $0x0,0x8(%rdx)
   # stage 4: five comparisons along the new list. jge (signed) skips the
   # explode only when cur->value >= cur->next->value, so values must be
   # non-increasing from the new head.
   0x00000000004011c7 <+232>:   mov    $0x5,%ebp
   0x00000000004011cc <+237>:   mov    0x8(%rbx),%rax
   0x00000000004011d0 <+241>:   mov    (%rax),%eax
   0x00000000004011d2 <+243>:   cmp    %eax,(%rbx)
   0x00000000004011d4 <+245>:   jge    0x4011db <phase_6+252>
   # "=>" marks the current pc: the input that produced this dump appears
   # to have passed the range/duplicate checks and failed here on ordering.
=> 0x00000000004011d6 <+247>:   callq  0x401574 <explode_bomb>
   0x00000000004011db <+252>:   mov    0x8(%rbx),%rbx
   0x00000000004011df <+256>:   sub    $0x1,%ebp
   0x00000000004011e2 <+259>:   jne    0x4011cc <phase_6+237>
   # epilogue: release locals, restore callee-saved registers.
   0x00000000004011e4 <+261>:   add    $0x50,%rsp
   0x00000000004011e8 <+265>:   pop    %rbx
   0x00000000004011e9 <+266>:   pop    %rbp
   0x00000000004011ea <+267>:   pop    %r12
   0x00000000004011ec <+269>:   pop    %r13
   0x00000000004011ee <+271>:   pop    %r14
   0x00000000004011f0 <+273>:   retq   
End of assembler dump.
