7

I'm trying to do CMU's binary bomb as an independent project to learn some x86 Assembly and reverse engineering. (It's not an auto-graded version tied to a class.)

I downloaded bomb.tar from http://csapp.cs.cmu.edu/public/labs.html.

From CMU's lab description:

A "binary bomb" is a program provided to students as an object code file. When run, it prompts the user to type in 6 different strings. If any of these is incorrect, the bomb "explodes," printing an error message and logging the event on a grading server. Students must "defuse" their own unique bomb by disassembling and reverse engineering the program to determine what the 6 strings should be. The lab teaches students to understand assembly language, and also forces them to learn how to use a debugger. It's also great fun. A legendary lab among the CMU undergrads.

Here's a Linux/IA32 binary bomb that you can try out for yourself. The feature that notifies the grading server has been disabled, so feel free to explode this bomb with impunity.

After saving it into an appropriate folder I ran this command in the Terminal:

tar xvf bomb.tar

  1. It did extract a file called bomb (no file extension), but I thought it would also give me bomb.c, which would also be helpful for reference.

  2. I can't get "bomb" to run. Here's what I've tried:

    bomb
bomb: command not found

./bomb
bash: ./bomb: No such file or directory

  3. While I realize solving it requires stepping through it in gdb, I can't even run it in BASH and blow myself up with wrong answers yet! A little help would be fantastic.

Mingye Wang
  • 1,107
  • 9
  • 32
Seaver
  • 419
  • 1
  • 5
  • 10
  • We don't know what is in that archive, and even if able to download it - I won't recommend it as god knows what is in it. Best course of action will be to contact author of that archive. – Tymoteusz Paul Oct 18 '14 at 05:17
  • 1
    Works fine here on Ubuntu 14.04.1 LTS, 64 bit, AMD. ./bomb ran the bomb. Bomb says `Welcome to my fiendish little bomb. You have 6 phases with which to blow yourself up. Have a nice day!`. Pressing `CTRL+C` disabled the bomb with `So you think you can stop the bomb with ctrl-c, do you? Well...OK. :-)` – Paul Oct 18 '14 at 06:21
  • 4
    The reason you don't get `bomb.c` is because it would either contain the answer to the assignment, or make the assignment easier. – Paul Oct 18 '14 at 06:26
  • 1
    Run `ldd bomb` and see if you got the required 32 bit libc and runtime linker. – Jester Oct 18 '14 at 10:28
  • And make sure the execute bit is set on the file. – Chris Stratton Oct 18 '14 at 12:29
  • `bash: ./bomb: No such file or directory` you are trying to run a 64bit executable on a 32bit OS or a 32bit on a 64bit OS with no 32bit support. Please post the output of `uname -a`. – Stefano Sanfilippo Oct 19 '14 at 15:38
  • Thanks everyone. So far, here is the output I'm getting with some of your suggestions: – Seaver Oct 20 '14 at 02:00
  • Thanks everyone. So far, here is the output I'm getting with some of your suggestions: (1) Jester, "ldd bomb" results in "ldd: ./bomb: No such file or directory" (2) Chris Stratton, I don't actually know what that means; I'm a noob relative to anyone else trying to do this project! (3) Stefano, "uname -a" results in "Linux ubuntu 3.8.0-42-generic #62~precise1-Ubuntu SMP Wed Jun 4 22:04:18 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux" – Seaver Oct 20 '14 at 02:06

3 Answers3

1

Since Fabio A. Correa ran file on the bomb and found out that it was a 32-bit LSB executable, it seems that is is caused by some missing LSB scripts which should be loaded at startup.

Simply running sudo apt-get install lsb-core will fix this. After doing so, ldd bomb will also work.

Update:

Further ldd (after getting the LSB things ready) shows that it is actually caused by some inexist libc.so.6 => /lib32/libc.so.6, which is the libc of the i386 architecture. You can try installing the libc6-i386 package directly instead.

After that, you can run disassemble func_name in your gdb directly. With all the symbols preserved, you can see the names of the functions directly. strings might help you too.

Btw, this question should be placed in Unix&Linux, I guess.

Mingye Wang
  • 1,107
  • 9
  • 32
  • Thanks for the follow up, @2gluxon and @Arthur2e5! I can't test these answers since that VM died months ago, but I'll keep 32 vs 64-bit compatibility in mind for future reference :) – Seaver Jul 16 '15 at 14:12
  • 1
    When you use the `file` command on an ELF file, the information immediately after "32-bit" or "64-bit" is the endianness: "LSB" (Least Significant Byte first) or "MSB" (Most Significant Byte first). All i386 executables are little endian, so they'll all be identified as LSB. This is completely unrelated to the other LSB you're thinking of. –  Apr 05 '16 at 13:43
1

As the other answers have suggested, this appears to a CPU architecture compatibility issue. I was able to resolve this on Ubuntu 15.04 64-bit by installing the packages located at AskUbuntu.com How to run 32-bit programs on a 64-bit system [duplicate]

Specifically, the following command helped.

sudo apt-get install lib32z1 lib32ncurses5 lib32bz2-1.0
Community
  • 1
  • 1
gluxon
  • 750
  • 1
  • 7
  • 16
0

file bomb informs:

ELF 32-bit LSB  executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.0.0, not stripped

You should be able to run it on bash by typing:

tar xvf bomb.tar
chmod +x bomb
./bomb

It worked in my 64-bit Kubuntu 14.04.

Fabio A. Correa
  • 1,968
  • 1
  • 17
  • 26
  • Hmmm... even after running the chmod command I get "bash: ./bomb: No such file or directory" Perhaps I'll need to update my Ubuntu.... – Seaver Oct 20 '14 at 02:09
  • That's very weird. That executable is from 2002, what Ubuntu do you have there? Does `gdb ./bomb` work for you? – Fabio A. Correa Oct 20 '14 at 02:18
  • Right now I'm running Ubuntu 12.04.4 LTS. When I tell it "gdb ./bomb" it does give me a (gdb) prompt. When I tell it "run," it says Starting program: /home/seaver/bomb3/bomb /bin/bash: /home/seaver/bomb3/bomb: No such file or directory During startup program exited with code 127. – Seaver Oct 21 '14 at 05:48
  • This is nuts! I tried again with Kali Linux 3.12 on a VM. I'm getting the similar behavior. ldd ./bomb tells me "not a dynamic executable." – Seaver Oct 24 '14 at 04:30
  • 1
    Unbelievable. I don't know what to say; it works just fine here. – Fabio A. Correa Oct 24 '14 at 04:32
  • 1
    Trying yet another Linux VM, it worked on the first try with no problems. So weird that it failed on the first two versions I tried (Ubuntu 12.x, Kali 3.x). In any case, many thanks to everyone who proposed possible solutions! – Seaver Nov 17 '14 at 02:55