, ,

[SOLVED] CISC221 The Bomb Lab

$25

File Name: CISC221_The_Bomb_Lab.zip
File Size: 188.4 KB

Categories: , , Tags: , ,
5/5 - (1 vote)

CISC221: The Bomb Lab

This lab serves as an experiential learning module within CISC221, offering hands-on exposure to binary files and assembly code debugging at the instruction set level of the x86 processor. Understanding debugging at this level is crucial for grasping computer architecture and gaining reverse engineering proficiency. Such skills are vital to fields like code  optimization,  embedded  systems,  and  cybersecurity.   Furthermore,   it  fosters essential  debugging  skills  applicable  across  diverse  programming  domains.   By emphasizing the lab’s hands-on approach, its challenging yet rewarding nature, and the career prospects it offers, students are motivated to engage actively, deepening their comprehension of low-level computing and laying a foundation for advanced learning in related subjects.

Goodluck, and welcome to the bomb squad!

I. Description

This lab is for a digital binary bomb, with the schematic shown below.

As illustrated in the diagram, the binary bomb is composed of four distinct phases, each requiring a specific input string, set of numbers, or combination thereof for successful defusal. Correctly entering the required input disarms the phase, allowing the bomb to advance to the  next  stage.  Failure to  provide  accurate  input  triggers  an  explosion, signaled by the display of “BOOM!!!” before termination. The entire bomb is considered defused only when all four phases have been disarmed. Each student will receive their own bomb to defuse as part of this mini-project. Your objective is to successfully disarm your assigned bomb before the designated due date.

The executable binary file is the bomb is called “bomb_lab” and is located at the CASLAB machines in the following directory linux>cas/course/cisc221. To access the bomb_lab file, you should first go up to root directory by typing (cd ..) twice, then navigate to the following folder linux>cas/course/cisc221 as shown below

You can then run the bomb by (./bomb_lab) or debug the bomb by  (gdb bomb_lab).

II. Overview

The Bomb consists of four phases (sub-problems):

1) Phase 1: Requires a textual input, for example, “Hello world.”

2) Phase 2: Requires an array of six numbers, for example, 12 34 81 23 10 22.

3) Phase 3: Requires three inputs in the order of integer, character, and integer, with the first integer falling within the range of 0 to 7, for example, 3 Z 1.

4) Phase 4: Requires a textual input, for example, “Goodbye!”

You should work on the gdb debugger to trace clues, disassemble functions, investigate the contents of the registers/stack to find the defusal passcodes for each phase. The most important registers that you should keep track of their content are

%rax: return value

%rsp: stack pointer

%rdi: 1st argument

%rsi: 2nd argument

%rdx: 3rd argument

%rbp: base pointer

Please note that registers are typed in the gdb debugger preceded by a dollar sign ($rax) not a percentage sign. For instance to check the data in %rax, you type (info registers $rax)

To help you find some clues, Table 1 highlights the most important labels for each

phase and Table 2 lists  all the debugging commands that you will need to defuse your bomb

Table 1. most important labels

Phase

Important functions/labels

Phase_1

strings_not_equal

string_length

Phase_2

generatedValues

Phase_3

Phase_4

●   generateRandomChars

●   validateOccurrence

Table 2. gdb common commands

command

desc

example

run

runs the loaded executable program

run

break

[func_name]

breaks once you call a specific function

break phase_1

break *

mem_loc

breaks when you execute the instruction at a certain address

break *  0x0000555555555ef9

info

breakpoints

displays information about all breakpoints currently set

info breakpoints

deletel

breakpoints

delete a specific breakpoint

delete breakpoints 10 //delete breakpoint number 10

continue

continue to the next breakpoint

continue

stepi

steps through a single x86 instruction. Steps into calls.

stepi

nexti

steps through a single x86 instruction.

nexti

Steps over calls.

disassemble

views assembly code while debugging

disassemble or disassemble “label”

info registers

prints the names and values of all registers

info registers

info register $reg

prints the name and value for specific register

info register $rax

set $reg = val

assign value to a certain register

set $rdi = 0x80

x command

prints values stored in a certain address with a specific format

1) x/s 140737488227040

#display values in string format

2) x/d 140737488341111 #display values in decimal format

III. Goal & Guidelines

The ultimate goal for each phase is to determine the registers containing the correct input by navigating through stepi” or over “ nexti” the assembly code, inspecting the    values of the registers using “info register $reg” and then updating the registers that  hold your input with the correct value through “set $reg = val” to defuse the phase.

There are several tips for deactivating the bomb:

●   Once on the correct directory (cas/course/cisc221), you can begin debugging by using the gdb command: gdb bomb_lab.

●   Set breakpoints on all phases, i.e., break phase_1, break phase_2, break

phase_3, and break phase_4., you can also add more breakpoints on crucial parts.

●   Start the bomb program by prompting the run command and enter you student ID.

Phase#1

Desc: The input text will be compared against a predefined string.

●   The program anticipates a string input for the first phase. It is advisable to

employ a concise and memorable text, e.g., test, similar to the example below.

●   It should hit the phase_1 breakpoint (added previously), disassemble

command can be utilized to show the assembly code for the current block. The   small arrow in the left of the screen (see below) indicates the command at which the program is executing next.

●   If you defuse phase_1 successfully, you will get “ Phase 1 defused. How about the next one?

●   Otherwise, the bomb will explode and return

Phase#2

Desc: The input is an array of six numbers with a space separator, for example, 12  34 81 23 10 22, that will be compared against a predefined array.

●   The program anticipates an input of 6 numbers for the second phase. It is

advisable to employ concise and memorable integers, similar to the example below.

●   If you defuse phase_2 successfully, you will get “ Halfway there!

●   Otherwise, the bomb will explode and return

Phase#3

Desc: The input is three values in the following order, separated by spaces: an integer (should be within the range of 0 to 7), a character, and another integer, e.g., 3 z 44.

●   The program anticipates an input of three values for the third phase. It is

advisable to employ concise and memorable values, similar to the example below.

●   If you defuse phase_3 successfully, you will get “That’s number 3. Keep going!

●   Otherwise, the bomb will explode and return

Phase#4

Desc: In the final phase, an input of text is anticipated, and the provided text should satisfy the occurrence of some random characters.

For instance, If the last phase generates random characters such as {l:3, x: 0, d: 1}, your input string should resemble something like “Hello world!”

Considering that the phase 4 characters are limited to only three random characters.

●   The program anticipates an input of textual form. (e.g., Have a Nice Day!). It is    advisable to employ concise and memorable text, similar to the example below.

●   If you defuse phase_4 successfully, you will get “Congratulations! You’ve defused the bomb!

●   Otherwise, the bomb will explode and return

IV. Hints

1.  The input for each phase is entirely deterministic for every student, based on the ID

2.  Ensure constant attention and focus on the segment of code preceding the

explode_bomb function. In case you miss the correct input for any phase, you can bypass the explosion by manipulating the flags register

https://en.wikipedia.org/wiki/FLAGS_registerand setting or resetting the zero flag based on the phase condition. It implies that there is consistently a condition or

validation check before the execution of the explode_bomb function.

E.g.,

The cmp instruction subtracts the value in the %edx register from the value in the %eax register, but it doesn’t store the result. It only updates the flags register based on the outcome of the subtraction.

If the values in %eax and %edx are equal, It will result in zero, setting the Zero Flag (ZF) in the flags register. In this case, the je instruction will jump to the specified label or location. But, If the values in %eax and %edx are not equal, resulting in ZF being set to zero, then the explode_bomb will be called.

3.  To inspect the content stored at a particular memory location, you can employ the x command, such as x/s for strings or x/d for integers,

E.g., cmpl   $0x5,-0x30(%rbp)

This command compares the immediate value 5 with the value stored in memory at an address calculated as 0x30 bytes before the address stored in the base pointer %rbp. So, to get the value stored in this location:

I. gets $rbp value through info register command

II. subtracts 0x30 from 0x7fffb96afc90 = 0x7fffb96afc60. (you can also type the address directly as 0x7fffb96afc90-0x30 and let the computer do the computation for you)

III. checks memory location “0x7fffb96afc60” value via x/d as it translates it to integers

Grading scheme

The bomb lab worth 10 marks towards your final grade. However, it will be graded out of 12 to provide two extra bonus marks for excellent students who can flawlessly diffuse the four stages of the bomb without explosions. To encourage careful and informed code debugging, we penalize each bomb explosion with 0.25 mark deduction. To account for honest mistakes (e.g.,  a password typo or a missing space), we allow four free bomb explosions (i.e., with no mark deductions).

To make the grading scheme clear, let x  be the number of times you blowup the bomb, then a deduction of

d = 0.25 × (x − 4)

will be applied to your final grade. Your final grade will be one of the following cases

Number of defused phases

Your Score

Didn’t exceed 4 explosions

(i.e., d 0)

Exceed 4 explosions

(i.e., d > 0)

None

0

0

1

3

3 d

1 & 2

6

6 d

1, 2, & 3

8

8 d

All 4 phases

12

12 d

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

Shopping Cart
[SOLVED] CISC221 The Bomb Lab
$25