binary bomb lab phase 6

0x000000000040106b <+0>:     push   %r12
0x000000000040106d <+2>:     push   %rbp
0x000000000040106e <+3>:     push   %rbx
0x000000000040106f <+4>:     sub    $0x50,%rsp
0x0000000000401073 <+8>:     lea    0x30(%rsp),%rsi
0x0000000000401078 <+13>:    callq  0x40159a <read_six_numbers>
0x000000000040107d <+18>:    mov    $0x0,%ebp
0x0000000000401082 <+23>:    lea    0x30(%rsp),%r12
0x0000000000401087 <+28>:    mov    (%r12,%rbp,4),%eax
0x000000000040108b <+32>:    sub    $0x1,%eax
0x000000000040108e <+35>:    cmp    $0x5,%eax 
0x0000000000401091 <+38>:    jbe    0x401098 <phase_6+45>
0x0000000000401093 <+40>:    callq  0x401564 <explode_bomb>
0x0000000000401098 <+45>:    lea    0x1(%rbp),%ebx
0x000000000040109b <+48>:    cmp    $0x5,%rbp
0x000000000040109f <+52>:    je     0x4010c2 <phase_6+87>
0x00000000004010a1 <+54>:    movslq %ebx,%rdx
0x00000000004010a4 <+57>:    mov    (%r12,%rbp,4),%eax
0x00000000004010a8 <+61>:    cmp    0x30(%rsp,%rdx,4),%eax
0x00000000004010ac <+65>:    jne    0x4010b3 <phase_6+72>
0x00000000004010ae <+67>:    callq  0x401564 <explode_bomb>
0x00000000004010b3 <+72>:    add    $0x1,%ebx
0x00000000004010b6 <+75>:    cmp    $0x5,%ebx
0x00000000004010b9 <+78>:    jle    0x4010a1 <phase_6+54>
0x00000000004010bb <+80>:    add    $0x1,%rbp
0x00000000004010bf <+84>:    nop
0x00000000004010c0 <+85>:    jmp    0x401087 <phase_6+28>

0x00000000004010c2 <+87>:    lea    0x30(%rsp),%rdx
0x00000000004010c7 <+92>:    lea    0x48(%rsp),%rcx
0x00000000004010cc <+97>:    mov    $0x7,%eax
0x00000000004010d1 <+102>:   sub    (%rdx),%eax
0x00000000004010d3 <+104>:   mov    %eax,(%rdx)
0x00000000004010d5 <+106>:   add    $0x4,%rdx
0x00000000004010d9 <+110>:   cmp    %rcx,%rdx
0x00000000004010dc <+113>:   jne    0x4010cc <phase_6+97>
0x00000000004010de <+115>:   mov    $0x1,%edx
0x00000000004010e3 <+120>:   mov    $0x603970,%esi
0x00000000004010e8 <+125>:   mov    $0x0,%ecx
0x00000000004010ed <+130>:   jmp    0x4010f6 <phase_6+139>
0x00000000004010ef <+132>:   mov    0x8(%rsi),%rsi
0x00000000004010f3 <+136>:   add    $0x1,%edx
0x00000000004010f6 <+139>:   movslq %ecx,%rax
0x00000000004010f9 <+142>:   cmp    0x30(%rsp,%rax,4),%edx
0x00000000004010fd <+146>:   jl     0x4010ef <phase_6+132>
0x00000000004010ff <+148>:   mov    %rsi,(%rsp,%rax,8)
0x0000000000401103 <+152>:   add    $0x1,%ecx
0x0000000000401106 <+155>:   cmp    $0x5,%ecx
0x0000000000401109 <+158>:   jg     0x401117 <phase_6+172>
0x000000000040110b <+160>:   mov    $0x1,%edx
0x0000000000401110 <+165>:   mov    $0x603970,%esi
0x0000000000401115 <+170>:   jmp    0x4010f6 <phase_6+139>
0x0000000000401117 <+172>:   mov    (%rsp),%rcx 

0x000000000040111b <+176>:   mov    0x8(%rsp),%rax
0x0000000000401120 <+181>:   mov    %rax,0x8(%rcx)
0x0000000000401124 <+185>:   mov    0x10(%rsp),%rdx
0x0000000000401129 <+190>:   mov    %rdx,0x8(%rax)
0x000000000040112d <+194>:   mov    0x18(%rsp),%rax
0x0000000000401132 <+199>:   mov    %rax,0x8(%rdx)
0x0000000000401136 <+203>:   mov    0x20(%rsp),%rdx
0x000000000040113b <+208>:   mov    %rdx,0x8(%rax)
0x000000000040113f <+212>:   mov    0x28(%rsp),%rax
0x0000000000401144 <+217>:   mov    %rax,0x8(%rdx)
0x0000000000401148 <+221>:   movq   $0x0,0x8(%rax)
0x0000000000401150 <+229>:   mov    %rcx,%rbx
0x0000000000401153 <+232>:   mov    $0x0,%ebp 

0x0000000000401158 <+237>:   mov    0x8(%rbx),%rdx
0x000000000040115c <+241>:   mov    (%rbx),%eax
0x000000000040115e <+243>:   cmp    (%rdx),%eax
0x0000000000401160 <+245>:   jge    0x401167 <phase_6+252>
0x0000000000401162 <+247>:   callq  0x401564 <explode_bomb>
0x0000000000401167 <+252>:   mov    0x8(%rbx),%rbx
0x000000000040116b <+256>:   add    $0x1,%ebp
0x000000000040116e <+259>:   cmp    $0x5,%ebp
0x0000000000401171 <+262>:   jne    0x401158 <phase_6+237>
0x0000000000401173 <+264>:   add    $0x50,%rsp
0x0000000000401177 <+268>:   pop    %rbx
0x0000000000401178 <+269>:   pop    %rbp
0x0000000000401179 <+270>:   pop    %r12
0x000000000040117b <+272>:   retq

What I know about this code is : 1. Input should be six numbers, and they should be different. 2. The range of numbers is 1 to 6.

And the node is :

0x603970 <node1> 0x000000f6
0x603978 <node1+8> 0x603960
0x603960 <node2> 0x00000304
0x693968 <node2+8> 0x603950
0x603950 <node3> 0x000000b7
0x603958 <node3+8> 0x603940
0x603940 <node4> 0x000000eb
0x603948 <node4+8> 0x603930
0x603930 <node5> 0x0000021f
0x603938 <node5+8> 0x603920
0x603920 <node6> 0x00000150
0x603928 <node6+8> 0x000000

So, the value of node1 to node6 are f6, 304, b7, eb, 21f, 150. I know b7 < eb < f6 < 150 < 21f < 304, so the order of nodes should be 3 0 5 4 1 2 (or 2 5 0 1 4 3 – in ascending order) and I should add +1 to all numbers. so I did. But when I put 4 1 6 5 2 3 or 3 6 1 2 5 4, it explodes.

I tried many methods of solution on internet. Some solution said that I should order these reversely like this : pos(1) (which means 5) : 4(5 is 4th number in ‘4 1 6 5 2 3’) pos(2) (which means 4) : 1 pos(3) : 6 pos(4) : 5 pos(5) : 2 pos(6) : 3 So I tried 4 1 6 5 2 3, but it doesn’t work too.

Actually I tried (3 6 1 2 5 4) (4 1 6 5 2 3) (3 4 1 6 5 2) (2 5 6 1 4 3) (4 3 6 1 2 5) (1 6 5 2 3 4) (6 1 2 5 4 3) (2 3 4 1 6 5) (3 2 5 6 1 4) (4 1 6 5 2 3) (5 6 1 4 3 2)

But there was no answer in these trials. Can you give me some help how about my code? I can’t understand what is going on..

Related Posts:

  1. What is “2’s Complement”?
  2. Why prefer two’s complement over sign-and-magnitude for signed numbers?
  3. bad operand types for binary operator “&” java
  4. Reading a binary file with python
  5. What is the difference between signed and unsigned binary
  6. How is overflow detected in two’s complement?
  7. Are the shift operators (<<, >>) arithmetic or logical in C?
  8. How to used the alphabet binary symbols
  9. What is the “biggest” negative number on a 4-bit machine?
  10. convert decimal numbers to excess-127 representations
  11. Converting an integer to binary in C
  12. Is it possible to program in binary?
  13. Bash: No such file or directory?
  14. Binary Search Tree Implementation in C++ STL?
  15. Why unsigned int 0xFFFFFFFF is equal to int -1?
  16. C++ – Decimal to binary converting
  17. How do you express binary literals in Python?
  18. How to reverse an std::string? [duplicate]
  19. Binary numbers in Python
  20. What does the ‘b’ character do in front of a string literal?
  21. Reading a binary file with python
  22. What does the ‘b’ character do in front of a string literal?
  23. No Symbol Table using GDB on Compiled Programs
  24. How to convert string to binary?
  25. What does \x00 mean in binary file?
  26. How to convert a Binary String to a base 10 integer in Java
  27. Program received signal SIGPIPE, Broken pipe
  28. Convert hex to binary
  29. Convert decimal to binary in python
  30. How do I remove a single breakpoint with GDB?
  31. Converting binary to decimal integer output
  32. How to print register values in GDB?
  33. Installing cgdb on a mac os x
  34. Python int to binary string?
  35. gdb: “No symbol table is loaded”
  36. How to convert string to binary?
  37. Display value found at given address gdb
  38. How to use gdb with pipes and stdin
  39. How to convert float number to Binary?
  40. How to disassemble a memory range with GDB?
  41. How do I run a program with commandline arguments using GDB within a Bash script?
  42. gdb fails with “Unable to find Mach task port for process-id” error
  43. gdb error not in executable format: File format not recognized
  44. How to convert ‘binary string’ to normal string in Python3?
  45. What’s the difference between nexti and stepi in gdb?
  46. Core dump file analysis
  47. Read and write to binary files in C?
  48. Unknown ending signal when using debugger gdb
  49. Fastest way to Convert String to Binary?
  50. Reading and writing binary file
  51. Step out of current function with GDB
  52. How can one see content of stack with GDB?
  53. Is there an “until” command in gdb?
  54. How to print in binary mode in gdb?
  55. Converting integer to binary in python
  56. gcc -g :what will happen
  57. How to print (using cout) a number in binary form?
  58. Python conversion from binary string to hexadecimal
  59. gdb debugging in Terminal OS X (10.8.5) with zsh
  60. no debugging symbols found when using gdb
  61. gdb split view with code
  62. gdb: No symbol “i” in current context
  63. C – Error is “free(): invalid next size (normal) “
  64. gdb can’t access memory address error
  65. “please check gdb is codesigned – see taskgated(8)” – How to get gdb installed with homebrew code signed?
  66. GDB no such file or directory
  67. What is the jmpq command doing in this example
  68. [Binary Bomb – Phase 4
  69. How do I grep through binary files that look like text?

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)