x86 Binary Bomb Lab: Phase 1

Omar Mokhtar
3 min read · Apr 28, 2024

Hello World! Today we’re going to solve the first phase of the x86 binary bomb lab by Xeno Kovah of OpenSecurityTraining2.

I’ll be using gdb on my REMnux virtual machine as my go-to debugger, and without further ado, let’s get started!

The binary bomb arrives as a non-stripped ELF file with debug_info, meaning that we can use labels instead of raw addresses, which is a lot easier.

Upon execution, the program greets us telling us that we have 6 phases to blow ourselves up with, and then waits for our input.

Opening our program with gdb and setting a breakpoint at main, we notice that the first few instructions are related to initializing the bomb and outputting the greeting message, things that we are not interested in.

The main function contains a series of call instructions to all of the 6 phases.

Disassembly of main

The real fun begins when we step into <phase_1>. We notice that a memory reference is moved into the EAX register; that memory reference happens to be our input string, which in my current instance is asdasdasd.

We notice that the value of EAX and an immediate value are pushed onto the stack before calling <strings_not_equal>, so we must check what this immediate memory reference points to.

So <strings_not_equal> takes our input string and this string literal and compares them: if the two strings are not equal, the function returns 1, and if they are equal, it returns 0.

In our current instance it’ll return 1 since our input is not equal to the string literal.

Result of EAX after inserting “asdasdasd”

Then the program tests the value of EAX to check if it’s zero. If it is, we jump over the call to <explode_bomb> and skip it, which is what we want. So our goal here is to make <strings_not_equal> return 0.

We do that by entering “Public speaking is very easy.” as input, and sure enough, EAX is set to zero and we take the jump, skipping <explode_bomb> and finishing <phase_1>.

Result of EAX after inputting the correct string
End of Phase 1
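
The control flow traced above, written back as C. This is an added example reconstructed from the walkthrough, not the lab’s source: the body of strings_not_equal and the explode_bomb stand-in (which sets a flag instead of ending the program) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* String literal recovered in the walkthrough from the pushed immediate. */
static const char PHASE1_KEY[] = "Public speaking is very easy.";

/* Assumption: stand-in state so the outcome can be observed and returned. */
static int exploded = 0;

/* Stand-in for <explode_bomb>: records the failure instead of exiting. */
static void explode_bomb(void) {
    exploded = 1;
}

/* Same contract as described in the post: 1 if the strings differ, 0 if equal.
   The body is an assumption; the lab's own implementation is not shown. */
static int strings_not_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    if (la != lb)
        return 1;                 /* different lengths can never match */
    for (size_t i = 0; i < la; i++)
        if (a[i] != b[i])
            return 1;
    return 0;
}

/* Mirrors the flow seen in gdb: the input (held in EAX) and the literal are
   pushed, <strings_not_equal> is called, and the result in EAX is tested.
   Zero means the jump over <explode_bomb> is taken.
   Returns 1 if the bomb "exploded", 0 if the phase was defused. */
int phase_1(const char *input) {
    exploded = 0;
    if (strings_not_equal(input, PHASE1_KEY) != 0)
        explode_bomb();           /* reached only when EAX is non-zero */
    return exploded;
}

int main(void) {
    const char *tries[] = { "asdasdasd", "Public speaking is very easy." };
    for (size_t i = 0; i < 2; i++)
        printf("%-32s -> %s\n", tries[i],
               phase_1(tries[i]) ? "BOOM" : "defused");
    return 0;
}
```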

And that wraps up the first phase of the x86 binary bomb lab, see you on the next phase!

Omar Mokhtar

Malware Analyst and Reverse Engineer Under Construction