本文详细介绍了二进制炸弹挑战的第4、5、6阶段,包括递归函数的分析、字符串解密和链表处理。在phase_4中,通过递归和调试找到了解决问题的关键;phase_5涉及字符串按位操作,通过ASCII码和按位与运算找到解密规律;phase_6则需要理解链表操作。通过对程序的深入分析,最终成功解密并进入secret phase。
前情回顾
上回说到了前4题,接下来说phase_4
phase_4递归
本来以为网上的很多教程都有讲解,实在不行看看别人的教程,可是、、、看了好久也没有和我的一样的题型,本题我认为是最难的一个,没有之一。好了,回顾一下心酸的历程。
08049660 <func4>:
8049660: 55 push %ebp
8049661: 89 e5 mov %esp,%ebp
8049663: 83 ec 18 sub $0x18,%esp
8049666: 8b 55 0c mov 0xc(%ebp),%edx
8049669: 8b 45 10 mov 0x10(%ebp),%eax
804966c: 01 d0 add %edx,%eax
804966e: 89 c2 mov %eax,%edx
8049670: c1 ea 1f shr $0x1f,%edx
8049673: 01 d0 add %edx,%eax
8049675: d1 f8 sar %eax
8049677: 89 45 f4 mov %eax,-0xc(%ebp)
804967a: 8b 45 0c mov 0xc(%ebp),%eax
804967d: 3b 45 10 cmp 0x10(%ebp),%eax
8049680: 7c 13 jl 8049695 <func4+0x35>
8049682: 8b 45 10 mov 0x10(%ebp),%eax
8049685: 8d 14 85 00 00 00 00 lea 0x0(,%eax,4),%edx
804968c: 8b 45 08 mov 0x8(%ebp),%eax
804968f: 01 d0 add %edx,%eax
8049691: 8b 00 mov (%eax),%eax
8049693: eb 3c jmp 80496d1 <func4+0x71>
8049695: 83 ec 04 sub $0x4,%esp
8049698: ff 75 f4 pushl -0xc(%ebp)
804969b: ff 75 0c pushl 0xc(%ebp)
804969e: ff 75 08 pushl 0x8(%ebp)
80496a1: e8 ba ff ff ff call 8049660 <func4>
80496a6: 83 c4 10 add $0x10,%esp
80496a9: 89 45 f0 mov %eax,-0x10(%ebp)
80496ac: 8b 45 f4 mov -0xc(%ebp),%eax
80496af: 83 c0 01 add $0x1,%eax
80496b2: 83 ec 04 sub $0x4,%esp
80496b5: ff 75 10 pushl 0x10(%ebp)
80496b8: 50 push %eax
80496b9: ff 75 08 pushl 0x8(%ebp)
80496bc: e8 9f ff ff ff call 8049660 <func4>
80496c1: 83 c4 10 add $0x10,%esp
80496c4: 89 45 ec mov %eax,-0x14(%ebp)
80496c7: 8b 45 ec mov -0x14(%ebp),%eax
80496ca: 39 45 f0 cmp %eax,-0x10(%ebp)
80496cd: 0f 4d 45 f0 cmovge -0x10(%ebp),%eax
80496d1: c9 leave
80496d2: c3 ret
080496d3 <phase_4>:
80496d3: 55 push %ebp
80496d4: 89 e5 mov %esp,%ebp
80496d6: 57 push %edi
80496d7: 56 push %esi
80496d8: 53 push %ebx
80496d9: 81 ec bc 00 00 00 sub $0xbc,%esp
80496df: 8d 85 40 ff ff ff lea -0xc0(%ebp),%eax
80496e5: bb 40 b2 04 08 mov $0x804b240,%ebx
80496ea: ba 29 00 00 00 mov $0x29,%edx
80496ef: 89 c7 mov %eax,%edi
80496f1: 89 de mov %ebx,%esi
80496f3: 89 d1 mov %edx,%ecx
80496f5: f3 a5 rep movsl %ds:(%esi),%es:(%edi)
80496f7: 8d 85 38 ff ff ff lea -0xc8(%ebp),%eax
80496fd: 50 push %eax
80496fe: 8d 85 3c ff ff ff lea -0xc4(%ebp),%eax
8049704: 50 push %eax
8049705: 68 ff b1 04 08 push $0x804b1ff
804970a: ff 75 08 pushl 0x8(%ebp)
804970d: e8 be f9 ff ff call 80490d0 <__isoc99_sscanf@plt>
8049712: 83 c4 10 add $0x10,%esp
8049715: 89 45 e4 mov %eax,-0x1c(%ebp)
8049718: 83 7d e4 02 cmpl $0x2,-0x1c(%ebp)
804971c: 74 0f je 804972d <phase_4+0x5a>
804971e: e8 c5 07 00 00 call 8049ee8 <explode_bomb>
8049723: b8 00 00 00 00 mov $0x0,%eax
8049728: e9 bc 00 00 00 jmp 80497e9 <phase_4+0x116>
804972d: 8b 95 38 ff ff ff mov -0xc8(%ebp),%edx
8049733: 8b 85 3c ff ff ff mov -0xc4(%ebp),%eax
8049739: 83 ec 04 sub $0x4,%esp
804973c: 52 push %edx
804973d: 50 push %eax
804973e: 8d 85 40 ff ff ff lea -0xc0(%ebp),%eax
8049744: 50 push %eax
8049745: e8 16 ff ff ff call 8049660 <func4>
804974a: 83 c4 10 add $0x10,%esp
804974d: 3d e9 01 00 00 cmp $0x1e9,%eax
8049752: 74 0f je 8049763 <phase_4+0x90>
8049754: e8 8f 07 00 00 call 8049ee8 <explode_bomb>
8049759: b8 00 00 00 00 mov $0x0,%eax
804975e: e9 86 00 00 00 jmp 80497e9 <phase_4+0x116>
8049763: 8b 85 3c ff ff ff mov -0xc4(%ebp),%eax
8049769: 85 c0 test %eax,%eax
804976b: 7e 36 jle 80497a3 <phase_4+0xd0>
804976d: 8b 85 38 ff ff ff mov -0xc8(%ebp),%eax
8049773: 8b 95 3c ff ff ff mov -0xc4(%ebp),%edx
8049779: 83 ea 01 sub
最低0.47元/天 解锁文章
扫一扫
50
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
