Bomb Lab: Phase 2
About 1 minAbout 376 words
Assembly
000000000040145e <phase_2>:
b0:
40145e: 55 push %rbp
40145f: 53 push %rbx
401460: 48 83 ec 28 sub $0x28,%rsp
401464: 48 89 e6 mov %rsp,%rsi
401467: e8 2c 07 00 00 callq 401b98 <read_six_numbers>
40146c: 83 3c 24 00 cmpl $0x0,(%rsp)
401470: 75 07 jne 401479 <phase_2+0x1b>
401472: 83 7c 24 04 01 cmpl $0x1,0x4(%rsp)
401477: 74 23 je 40149c <phase_2+0x3e>
b1:
401479: e8 de 06 00 00 callq 401b5c <explode_bomb>
40147e: 66 90 xchg %ax,%ax
401480: eb 1a jmp 40149c <phase_2+0x3e>
b2:
401482: 8b 43 f8 mov -0x8(%rbx),%eax
401485: 03 43 fc add -0x4(%rbx),%eax
401488: 39 03 cmp %eax,(%rbx)
40148a: 74 05 je 401491 <phase_2+0x33>
40148c: e8 cb 06 00 00 callq 401b5c <explode_bomb>
b3:
401491: 48 83 c3 04 add $0x4,%rbx
401495: 48 39 eb cmp %rbp,%rbx
401498: 75 e8 jne 401482 <phase_2+0x24>
40149a: eb 0e jmp 4014aa <phase_2+0x4c>
b4:
40149c: 48 89 e5 mov %rsp,%rbp
40149f: 48 8d 5c 24 08 lea 0x8(%rsp),%rbx
4014a4: 48 83 c5 18 add $0x18,%rbp
4014a8: eb d8 jmp 401482 <phase_2+0x24>
b5:
4014aa: 48 83 c4 28 add $0x28,%rsp
4014ae: 5b pop %rbx
4014af: 5d pop %rbp
4014b0: c3 retq
翻译为 C
void phase_2() {
b0:
// push rbp rbx
rsp -= 0x28;
rsi = rsp;
rax = read_six_numbers();
if (*rsp) goto b1;
if (*(rsp + 0x4) == 1) goto b4;
b1:
explode_bomb();
nop();
goto b4;
b2:
rax = *(rbx - 0x8); // 32-bit
rax += *(rbx - 0x4); // 32-bit
if (*rbx == rax) // 32-bit
goto b3;
explode_bomb();
b3:
rbx += 0x4;
if (rbx != rbp) goto b2;
goto b5;
b4:
rbp = rsp;
rbx = rsp + 0x8;
rbp += 0x18;
goto b2;
b5:
rsp += 0x28;
// pop rbx rbp
return;
}
Optimize
void phase_2(char* rdi) {
int rsp[10];
read_six_numbers(rdi, rsp);
if (rsp[0] != 0 || rsp[1] != 1) explode_bomb();
for (int* rbx = rsp + 2; rbx != rsp + 6; ++rbx) {
if (rbx[0] != rbx[-1] + rbx[-2]) explode_bomb();
}
}
Solution
- 0
- 1
- 0 + 1 = 1
- 1 + 1 = 2
- 1 + 2 = 3
- 2 + 3 = 5
0 1 1 2 3 5