Course Lab 2: Detailed Instructions

2012-03-21

Lab 2: Defusing a Binary Bomb

                                  Lujin (11210240054@fudan.edu.cn)

Assigned: Mon., Mar. 19th, Due: Sun., Apr. 15th, 23:59

 

 

1 Introduction

The nefarious Dr. Evil has planted a slew of "binary bombs" on our machines. A binary bomb is a program that consists of a sequence of phases. Each phase expects you to type a particular string on stdin. If you type the correct string, then the phase is defused and the bomb proceeds to the next phase. Otherwise, the bomb explodes and then terminates. The bomb is defused when every phase has been defused.

 

There are too many bombs for us to deal with, so we are giving each of you a bomb to defuse. Your mission, which you have no choice but to accept, is to defuse your bomb before the due date. Good luck, and welcome to the bomb squad!

 

Step 1: Get Your Bomb

Each student will attempt to defuse a bomb. The bomb is a Linux binary executable file that has been compiled from a C program.

 

Note that if you have an odd student ID, you must defuse "bomb1", otherwise please defuse "bomb0".

 

Step 2: Defuse Your Bomb

Once you have received your bomb from the bomb daemon, save it in a secure directory. Your job is to defuse the bomb.

 

You can use many tools to help you with this; please look at the Hints section for some tips and ideas. The best way is to use your favorite debugger to step through the disassembled binary.

 

Each phase is worth 10 points, for a total of 60 points. For each phase, 5 points are for correctness and the remaining points are for your report. Your bomb also contains a secret phase (worth 10 points too); if you defuse it successfully, you get those 10 points. But the full score is 60.

 

The phases get progressively harder to defuse, but the expertise you gain as you move from phase to phase should offset this difficulty. However, the last phase will challenge even the best students, so please don't wait until the last minute to start.

 

The bomb ignores blank input lines. If you run the bomb with a command line argument such as psol.txt, it will read the input lines from psol.txt until it reaches EOF, and then switch over to stdin. In a moment of weakness, Dr. Evil added this feature so you don't have to keep retyping the solutions to phases you have already defused. The input text file must have the following format: the first line is the number of bomb passwords, and each following line is one password. For example, psol.txt could look like this:

2
2345
32523

This means there are 2 bomb passwords. The first bomb password is 2345 and the second one is 32523. The remaining 4 will be read from stdin.

 

To avoid accidentally detonating the bomb, you will need to learn how to single-step through the assembly code and how to set breakpoints. You will also need to learn how to inspect both the registers and the memory states. One of the nice side-effects of doing the lab is that you will get very good at using a debugger. This is a crucial skill that will pay big dividends the rest of your career.

 

Hints (Please read this!)

There are many ways of defusing your bomb. You can examine it in great detail without ever running the program, and figure out exactly what it does. This is a useful technique, but it is not always easy to do. You can also run it under a debugger, watch what it does step by step, and use this information to defuse it. This is probably the fastest way of defusing it.

 

We do make one request: please do not use brute force! You could write a program that will try every possible key to find the right one.

 

There are many tools which are designed to help you figure out both how programs work, and what is wrong when they don't work. Here is a list of some of the tools you may find useful in analyzing your bomb, and hints on how to use them.

 

_ gdb

  The GNU debugger. This is a command-line debugger tool available on virtually every platform. You can trace through a program line by line, examine memory and registers, look at both the source code and assembly code (we are not giving you the source code for most of your bomb), set breakpoints, set memory watch points, and write scripts.

  Here are some tips for using gdb.

  To keep the bomb from blowing up every time you type in a wrong input, you'll want to learn how to set breakpoints.

  For other documentation, type "help" at the gdb command prompt, or type "man gdb" or "info gdb" at a Unix prompt. Some people also like to run gdb under gdb-mode in emacs.

 

_ objdump -t

  This will print out the bomb's symbol table. The symbol table includes the names of all functions and global variables in the bomb, the names of all the functions the bomb calls, and their addresses. You may learn something by looking at the function names!

 

_ objdump -d

  Use this to disassemble all of the code in the bomb. You can also just look at individual functions. Reading the assembler code can tell you how the bomb works.

 

_ strings

  This utility will display the printable strings in your bomb.

 

Looking for a particular tool? How about documentation? Don't forget, the commands apropos and man are your friends. In particular, man ascii might come in useful. The web may also be a treasure trove of information. If you get stumped, feel free to ask your TA for help.

 

 

Hand In Instructions

When you have finished defusing the bomb, you should generate one TXT file named pwd.txt. This file should begin with a number which stands for the number of phases; here that should be 6.

After that come the 6 numbers that defuse the bomb. For example:

 

6
123456
1234
123
11111
11111
333333

 

To hand in the pwd.txt file, rename it to "pwd_studentID.txt" (e.g. pwd_12345678.txt).
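
Added example (not part of the original handout, and not the bomb's own code): a small Python checker for the answer-file format described above, which applies to both psol.txt and pwd.txt. It assumes a 6-phase bomb, treats whitespace-only lines as blank, and rejects a header that disagrees with the number of passwords; the function names are made up for this example.

```python
import sys

TOTAL_PHASES = 6  # from the handout: pwd.txt must start with 6


def parse_answer_file(text):
    """Return the passwords listed in a psol.txt / pwd.txt style file.

    Line 1 is the number of passwords, then one password per line.
    Blank lines are skipped, since the bomb ignores blank input lines.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("file is empty")
    header, passwords = lines[0].strip(), lines[1:]
    if not (header.isascii() and header.isdigit()):
        raise ValueError(f"first line must be a count, got {header!r}")
    count = int(header)
    # Checker policy (assumption): header and body must agree exactly.
    if count != len(passwords):
        raise ValueError(f"header says {count}, found {len(passwords)} passwords")
    if count > TOTAL_PHASES:
        raise ValueError(f"header says {count}, but there are {TOTAL_PHASES} phases")
    return passwords


def phases_left_for_stdin(text):
    """Number of phases the bomb will still ask for on stdin."""
    return TOTAL_PHASES - len(parse_answer_file(text))


def ready_to_hand_in(text):
    """True only if the file is well formed and covers all 6 phases."""
    try:
        return len(parse_answer_file(text)) == TOTAL_PHASES
    except ValueError:
        return False


# Samples constructed from the two examples in the handout.
PSOL_SAMPLE = "2\n\n2345\n\n32523\n"
PWD_SAMPLE = "6\n123456\n1234\n123\n11111\n11111\n333333\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else PSOL_SAMPLE
    print("passwords:", parse_answer_file(text))
    print("left for stdin:", phases_left_for_stdin(text))
    print("ready to hand in:", ready_to_hand_in(text))
```

Run it with the path to your own file as the only argument; without an argument it checks the constructed psol.txt sample.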

 

You must also hand in a second file, namely your report. Your report should tell me how you defused your bomb and why you think so. Please make sure the total number of pages of your report is less than 3. Name your report "report_studentID.doc" or "report_studentID.pdf".

 

Before uploading files to ftp://ics2012:ics2012@10.141.247.12/upload/lab2/ or my mailbox, you should zip both files into one zip file; please name this final file "Lab2_studentID.zip". You only have to upload this file.

 
