Binary Bomb Phase 4 (What is func4 doing?)

Question

This function:

 80486c5:   55                      push   %ebp
 80486c6:   89 e5                   mov    %esp,%ebp
 80486c8:   83 ec 28                sub    $0x28,%esp
 80486cb:   8d 45 f4                lea    -0xc(%ebp),%eax
 80486ce:   89 44 24 0c             mov    %eax,0xc(%esp)
 80486d2:   8d 45 f0                lea    -0x10(%ebp),%eax
 80486d5:   89 44 24 08             mov    %eax,0x8(%esp)
 80486d9:   c7 44 24 04 6a 9c 0c    movl   $0x80c9c6a,0x4(%esp)
 80486e0:   08 
 80486e1:   8b 45 08                mov    0x8(%ebp),%eax
 80486e4:   89 04 24                mov    %eax,(%esp)
 80486e7:   e8 14 30 00 00          call   804b700 <__isoc99_sscanf>
 80486ec:   83 f8 02                cmp    $0x2,%eax
 80486ef:   75 0d                   jne    80486fe <phase_4+0x39>
 80486f1:   8b 45 f4                mov    -0xc(%ebp),%eax
 80486f4:   83 f8 01                cmp    $0x1,%eax
 80486f7:   7e 05                   jle    80486fe <phase_4+0x39>
 80486f9:   83 f8 04                cmp    $0x4,%eax
 80486fc:   7e 05                   jle    8048703 <phase_4+0x3e>
 80486fe:   e8 b5 03 00 00          call   8048ab8 <explode_bomb>
 8048703:   8b 45 f4                mov    -0xc(%ebp),%eax
 8048706:   89 44 24 04             mov    %eax,0x4(%esp)
 804870a:   c7 04 24 05 00 00 00    movl   $0x5,(%esp)
 8048711:   e8 0a fd ff ff          call   8048420 <func4>
 8048716:   3b 45 f0                cmp    -0x10(%ebp),%eax
 8048719:   74 05                   je     8048720 <phase_4+0x5b>
 804871b:   e8 98 03 00 00          call   8048ab8 <explode_bomb>
 8048720:   c9                      leave  
 8048721:   c3                      ret  

asks for 2 integers, I know that much. It then checks to make sure the 2nd one (I think) is less than 4 and greater than 1.

After doing that it calls func4 which looks like this:

08048420 <func4>:
 8048420:   55                      push   %ebp
 8048421:   89 e5                   mov    %esp,%ebp
 8048423:   83 ec 28                sub    $0x28,%esp
 8048426:   89 5d f4                mov    %ebx,-0xc(%ebp)
 8048429:   89 75 f8                mov    %esi,-0x8(%ebp)
 804842c:   89 7d fc                mov    %edi,-0x4(%ebp)
 804842f:   8b 75 08                mov    0x8(%ebp),%esi
 8048432:   8b 5d 0c                mov    0xc(%ebp),%ebx
 8048435:   85 f6                   test   %esi,%esi
 8048437:   7f 07                   jg     8048440 <func4+0x20>
 8048439:   bb 00 00 00 00          mov    $0x0,%ebx
 804843e:   eb 29                   jmp    8048469 <func4+0x49>
 8048440:   83 fe 01                cmp    $0x1,%esi
 8048443:   74 24                   je     8048469 <func4+0x49>
 8048445:   89 5c 24 04             mov    %ebx,0x4(%esp)
 8048449:   8d 46 ff                lea    -0x1(%esi),%eax
 804844c:   89 04 24                mov    %eax,(%esp)
 804844f:   e8 cc ff ff ff          call   8048420 <func4>
 8048454:   89 c7                   mov    %eax,%edi
 8048456:   89 5c 24 04             mov    %ebx,0x4(%esp)
 804845a:   83 ee 02                sub    $0x2,%esi
 804845d:   89 34 24                mov    %esi,(%esp)
 8048460:   e8 bb ff ff ff          call   8048420 <func4>
 8048465:   01 c7                   add    %eax,%edi
 8048467:   01 fb                   add    %edi,%ebx
 8048469:   89 d8                   mov    %ebx,%eax
 804846b:   8b 5d f4                mov    -0xc(%ebp),%ebx
 804846e:   8b 75 f8                mov    -0x8(%ebp),%esi
 8048471:   8b 7d fc                mov    -0x4(%ebp),%edi
 8048474:   89 ec                   mov    %ebp,%esp
 8048476:   5d                      pop    %ebp
 8048477:   c3                      ret  

I've tried stepping through function 4 to find out what it is doing to the number passed through it, but I just can't. I think it needs to spit out 56 to pass the phase, but I don't know how to get to that.

Any help is greatly appreciated!!