首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
代写CISC221、Java/Python设计编程代做
项目预算:
开发周期:
发布时间:
要求地区:
CISC221: The Bomb Lab
This lab serves as a newly added experiential learning module within CISC221, offering
hands-on exposure to binary files and assembly code debugging at the instruction set
level of the x86 processor. Understanding debugging at this level is crucial for grasping
computer architecture and gaining reverse engineering proficiency. Such skills are vital
to fields like code optimization, embedded systems, and cybersecurity. Furthermore, it
fosters essential debugging skills applicable across diverse programming domains. By
emphasizing the lab's hands-on approach, its challenging yet rewarding nature, and the
career prospects it offers, students are motivated to engage actively, deepening their
comprehension of low-level computing and laying a foundation for advanced learning in
related subjects.
Good luck, and welcome to the bomb squad!
I. Description
This lab is for a digital binary bomb, with the schematic shown below.
2
As illustrated in the diagram, the binary bomb is composed of four distinct phases, each
requiring a specific input string, set of numbers, or combination thereof for successful
defusal. Correctly entering the required input disarms the phase, allowing the bomb to
advance to the next stage. Failure to provide accurate input triggers an explosion,
signaled by the display of "BOOM!!!" before termination. The entire bomb is considered
defused only when all four phases have been disarmed. Each student will receive their
own bomb to defuse as part of this mini-project. Your objective is to successfully
disarm your assigned bomb before the designated due date.
The executable binary file is the bomb is called “bomb_lab” and is located at the
CASLAB machines in the following directory linux>cas/course/cisc221. To access the
bomb_lab file, you should first go up to root directory by typing (cd ..) twice, then
navigate to the following folder linux>cas/course/cisc221 as shown below
You can then run the bomb by (./bomb_lab) or debug the bomb by (gdb bomb_lab).
II. Overview
The Bomb consists of four phases (sub-problems):
1) Phase 1: Requires a textual input, for example, "Hello world."
2) Phase 2: Requires an array of six numbers, for example, 12 34 81 23 10 22.
3) Phase 3: Requires three inputs in the order of integer, character, and integer, with
the first integer falling within the range of 0 to 7, for example, 3 Z 1.
4) Phase 4: Requires a textual input, for example, "Goodbye!"
You should work on the gdb debugger to trace clues, disassemble functions, investigate
the contents of the registers/stack to find the defusal passcodes for each phase. The
most important registers that you should keep track of their content are
• %rax: return value
• %rsp: stack pointer
• %rdi: 1st argument
• %rsi: 2nd argument
• %rdx: 3rd argument
• %rbp: base pointer
3
Please note that registers are typed in the gdb debugger preceded by a dollar sign
($rax) not a percentage sign. For instance to check the data in %rax, you type (info
registers $rax)
To help you find some clues, Table 1 highlights the most important labels for each phase
and Table 2 lists all the debugging commands that you will need to defuse your bomb
Table 1. most important labels
Table 2. gdb common commands
command desc example
run runs the loaded executable program run
break
[func_name]
breaks once you call a specific function break phase_1
break *
mem_loc
breaks when you execute the instruction at
a certain address
break * 0x0000555555555ef9
info
breakpoints
displays information about all breakpoints
currently set
info breakpoints
deletel
breakpoints
delete a specific breakpoint delete breakpoints 10 //delete
breakpoint number 10
continue continue to the next breakpoint continue
stepi steps through a single x86 instruction.
Steps into calls.
stepi
nexti steps through a single x86 instruction.
Steps over calls.
nexti
Phase Important functions/labels
Phase_1 ● strings_not_equal
● string_length
Phase_2 ● generatedValues
Phase_3 -
Phase_4 ● generateRandomChars
● validateOccurrence
4
disassemble views assembly code while debugging disassemble or disassemble
“label”
info registers prints the names and values of all
registers
info registers
info register
$reg
prints the name and value for specific
register
info register $rax
set $reg = val assign value to a certain register set $rdi = 0x80
x command prints values stored in a certain address
with a specific format
1) x/s 140737488227040
#display values in string format
2) x/d 140737488341111
#display values in decimal
format
III. Goal & Guidelines
The ultimate goal for each phase is to determine the registers containing the correct
input by navigating through “stepi” or over “nexti” the assembly code, inspecting the
values of the registers using "info register $reg" and then updating the registers that
hold your input with the correct value through "set $reg = val" to defuse the phase.
There are several tips for deactivating the bomb:
● Once on the correct directory (cas/course/cisc221), you can begin debugging
by using the gdb command: gdb bomb_lab.
● Set breakpoints on all phases, i.e., break phase_1, break phase_2, break
phase_3, and break phase_4., you can also add more breakpoints on crucial
parts.
5
● Start the bomb program by prompting the run command and enter you student
ID.
Phase#1
Desc: The input text will be compared against a predefined string.
● The program anticipates a string input for the first phase. It is advisable to
employ a concise and memorable text, e.g., test, similar to the example below.
● It should hit the phase_1 breakpoint (added previously), disassemble
command can be utilized to show the assembly code for the current block. The
small arrow in the left of the screen (see below) indicates the command at which
the program is executing next.
6
● If you defuse phase_1 successfully, you will get “Phase 1 defused. How about
the next one?”
● Otherwise, the bomb will explode and return
Phase#2
Desc: The input is an array of six numbers with a space separator, for example, 12 34
81 23 10 22, that will be compared against a predefined array.
● The program anticipates an input of 6 numbers for the second phase. It is
advisable to employ concise and memorable integers, similar to the example
below.
● If you defuse phase_2 successfully, you will get “Halfway there!”
● Otherwise, the bomb will explode and return
Phase#3
Desc: The input is three values in the following order, separated by spaces: an integer
(should be within the range of 0 to 7), a character, and another integer, e.g., 3 z 44.
● The program anticipates an input of three values for the third phase. It is
advisable to employ concise and memorable values, similar to the example
below.
● If you defuse phase_3 successfully, you will get “That's number 3. Keep
going!”
● Otherwise, the bomb will explode and return
Phase#4
Desc: In the final phase, an input of text is anticipated, and the provided text should
satisfy the occurrence of some random characters.
7
For instance, If the last phase generates random characters such as {l:3, x: 0, d: 1},
your input string should resemble something like "Hello world!"
Considering that the phase 4 characters are limited to only three random characters.
● The program anticipates an input of textual form (e.g., Have a Nice Day!). It is
advisable to employ concise and memorable text, similar to the example below.
● If you defuse phase_4 successfully, you will get “Congratulations! You've
defused the bomb!”
● Otherwise, the bomb will explode and return
IV. Hints
1. The input for each phase is entirely deterministic for every student, based on
the ID
2. Ensure constant attention and focus on the segment of code preceding the
explode_bomb function. In case you miss the correct input for any phase, you
can bypass the explosion by manipulating the flags register
https://en.wikipedia.org/wiki/FLAGS_register and setting or resetting the zero flag
based on the phase condition. It implies that there is consistently a condition or
validation check before the execution of the explode_bomb function.
E.g.,
The cmp instruction subtracts the value in the %edx register from the value in
the %eax register, but it doesn't store the result. It only updates the flags
register based on the outcome of the subtraction.
If the values in %eax and %edx are equal, It will result in zero, setting the Zero
Flag (ZF) in the flags register. In this case, the je instruction will jump to the
specified label or location. But, If the values in %eax and %edx are not equal,
resulting in ZF being set to zero, then the explode_bomb will be called.
3. To inspect the content stored at a particular memory location, you can employ the
x command, such as x/s for strings or x/d for integers,
8
E.g., cmpl $0x5,-0x30(%rbp)
This command compares the immediate value 5 with the value stored in memory
at an address calculated as 0x30 bytes before the address stored in the base
pointer %rbp. So, to get the value stored in this location:
I. gets $rbp value through info register command
II. subtracts 0x30 from 0x7fffb96afc90 = 0x7fffb96afc60. (you can also type
the address directly as 0x7fffb96afc90-0x30 and let the computer do the
computation for you)
III. checks memory location “0x7fffb96afc60” value via x/d as it translates it to
integers
V. Deliverables
Upload only your answers “correct inputs” for all defused phases. It is recommended to
use computer-based tools like “MS Word” instead of handwritten notes to minimize
readability mistakes.
VI. Acknowledgement
Special thanks for Hesham Elabd for importing and customizing this lab to CISC221 and
for Doug Martin for assistance in implementing and hosting the lab on Caslab machines.
Good luck
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
代写dts207tc、sql编程语言代做
2024-12-25
cs209a代做、java程序设计代写
2024-12-25
cs305程序代做、代写python程序...
2024-12-25
代写csc1001、代做python设计程...
2024-12-24
代写practice test preparatio...
2024-12-24
代写bre2031 – environmental...
2024-12-24
代写ece5550: applied kalman ...
2024-12-24
代做conmgnt 7049 – measurem...
2024-12-24
代写ece3700j introduction to...
2024-12-24
代做adad9311 designing the e...
2024-12-24
代做comp5618 - applied cyber...
2024-12-24
代做ece5550: applied kalman ...
2024-12-24
代做cp1402 assignment - netw...
2024-12-24
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!