    # func4(edi, esi, edx): recursive binary search for edi inside [esi, edx].
    # Each level takes mid = esi + (edx - esi) / 2 and returns 0 when mid == edi,
    # 2 * func4(edi, esi, mid - 1) when mid > edi, and
    # 2 * func4(edi, mid + 1, edx) + 1 when mid < edi.
    # phase_4 below calls it as func4(first input, 0, 14).
    00000000004010d0 <func4>:
  4010d0:   48 83 ec 08             sub    $0x8,%rsp   # reserve 8 bytes of stack; no instruction in this listing stores to it
  4010d4:   89 d0                   mov    %edx,%eax   # eax = third argument (upper bound)
  4010d6:   29 f0                   sub    %esi,%eax   # eax = edx - esi
  4010d8:   89 c1                   mov    %eax,%ecx   # ecx = copy of the difference
  4010da:   c1 e9 1f                shr    $0x1f,%ecx   # LOGICAL shift: ecx = sign bit of the difference (0 or 1), not 0 / -1
  4010dd:   01 c8                   add    %ecx,%eax   # add 1 to a negative difference so the halving rounds toward zero
  4010df:   d1 f8                   sar    %eax   # arithmetic shift right by one: eax = (edx - esi) / 2
  4010e1:   8d 0c 30                lea    (%rax,%rsi,1),%ecx   # ecx = mid = esi + half
  4010e4:   39 f9                   cmp    %edi,%ecx   # compare mid with the first argument
  4010e6:   7e 0c                   jle    4010f4 <func4+0x24>   # signed: mid <= edi -> go to the "equal or lower" path
  4010e8:   8d 51 ff                lea    -0x1(%rcx),%edx   # mid > edi: new upper bound = mid - 1
  4010eb:   e8 e0 ff ff ff          callq  4010d0 <func4>   # recurse with edi and esi unchanged
  4010f0:   01 c0                   add    %eax,%eax   # result = 2 * recursive result
  4010f2:   eb 15                   jmp    401109 <func4+0x39>   # skip to the epilogue
  4010f4:   b8 00 00 00 00          mov    $0x0,%eax   # default result 0 (used when mid == edi)
  4010f9:   39 f9                   cmp    %edi,%ecx   # second compare of mid with edi
  4010fb:   7d 0c                   jge    401109 <func4+0x39>   # mid >= edi after mid <= edi means equal: return 0
  4010fd:   8d 71 01                lea    0x1(%rcx),%esi   # mid < edi: new lower bound = mid + 1
  401100:   e8 cb ff ff ff          callq  4010d0 <func4>   # recurse with edi and edx unchanged
  401105:   8d 44 00 01             lea    0x1(%rax,%rax,1),%eax   # result = 2 * recursive result + 1
  401109:   48 83 c4 08             add    $0x8,%rsp   # release the stack reserved on entry
  40110d:   c3                      retq   # return with the result in eax

# phase_4: parses two values from the input line with sscanf, then requires
#   1. exactly two items converted,
#   2. the first value <= 14 as an UNSIGNED compare (so negative values fail),
#   3. func4(first, 0, 14) == 5,
#   4. the second value == 5.
# Any failed check calls explode_bomb. rdi is not written before the sscanf call,
# so the string being parsed is whatever the caller passed in.
000000000040110e <phase_4>:
  40110e:   48 83 ec 18             sub    $0x18,%rsp   # reserve 24 bytes for the two parsed values
  401112:   48 8d 4c 24 08          lea    0x8(%rsp),%rcx   # sscanf arg 4: address of the second value (rsp+8)
  401117:   48 8d 54 24 0c          lea    0xc(%rsp),%rdx   # sscanf arg 3: address of the first value (rsp+0xc)
  40111c:   be 7d 28 40 00          mov    $0x40287d,%esi   # sscanf arg 2: format string; contents not shown here, the thread assumes "%d %d"
  401121:   b8 00 00 00 00          mov    $0x0,%eax   # eax = 0 before the variadic call (no vector-register arguments)
  401126:   e8 b5 fb ff ff          callq  400ce0 <__isoc99_sscanf@plt>   # eax = number of items converted
  40112b:   83 f8 02                cmp    $0x2,%eax   # exactly two conversions required
  40112e:   75 07                   jne    401137 <phase_4+0x29>   # otherwise explode
  401130:   83 7c 24 0c 0e          cmpl   $0xe,0xc(%rsp)   # compare the first value with 14
  401135:   76 05                   jbe    40113c <phase_4+0x2e>   # unsigned "below or equal": 0..14 passes, 14 itself included
  401137:   e8 08 05 00 00          callq  401644 <explode_bomb>   # bad item count or first value out of range
  40113c:   ba 0e 00 00 00          mov    $0xe,%edx   # func4 arg 3: upper bound 14
  401141:   be 00 00 00 00          mov    $0x0,%esi   # func4 arg 2: lower bound 0
  401146:   8b 7c 24 0c             mov    0xc(%rsp),%edi   # func4 arg 1: the first parsed value
  40114a:   e8 81 ff ff ff          callq  4010d0 <func4>   # eax = func4(first, 0, 14)
  40114f:   83 f8 05                cmp    $0x5,%eax   # the result must be 5
  401152:   75 07                   jne    40115b <phase_4+0x4d>   # otherwise explode
  401154:   83 7c 24 08 05          cmpl   $0x5,0x8(%rsp)   # the second parsed value must be 5
  401159:   74 05                   je     401160 <phase_4+0x52>   # both checks passed: skip explode_bomb
  40115b:   e8 e4 04 00 00          callq  401644 <explode_bomb>   # wrong func4 result or wrong second value
  401160:   48 83 c4 18             add    $0x18,%rsp   # release the stack reserved on entry
  401164:   c3                      retq   # phase passed

This is the assembly code that I need to solve. I have already worked out func4 in C-like form:

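/**
 * High-level rendering of the disassembled {@code func4}: a recursive binary
 * search for {@code a} inside the closed range {@code [b, c]}.
 *
 * Each level computes {@code mid = b + (c - b) / 2}, with the division
 * rounding toward zero exactly as the shr/add/sar sequence in the listing
 * does. The return value is 0 when {@code mid == a}, twice the recursive
 * result when the search continues in the lower half, and twice the
 * recursive result plus one when it continues in the upper half.
 *
 * phase_4 calls this as {@code func4(firstInput, 0, 14)} and requires the
 * result to be 5.
 *
 * @param a value searched for (first argument, %edi in the listing)
 * @param b lower bound of the range (second argument, %esi)
 * @param c upper bound of the range (third argument, %edx)
 * @return the value built up from the halving steps as described above
 */
public static int func4(int a, int b, int c) {
    int diff = c - b;
    // The listing uses `shr $0x1f` (logical shift), which yields the sign bit
    // as 0 or 1. Java's `>>` is arithmetic and would yield 0 or -1, pushing a
    // negative difference the wrong way; `>>>` matches the machine code.
    int half = (diff + (diff >>> 31)) >> 1;
    int mid = half + b;

    if (mid > a) {
        // Target is below the midpoint: search [b, mid - 1].
        return 2 * func4(a, b, mid - 1);
    }
    if (mid < a) {
        // Target is above the midpoint: search [mid + 1, c].
        return 2 * func4(a, mid + 1, c) + 1;
    }
    // mid == a: found.
    return 0;
}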

The inputs for b and c in func4 are 0 and 14. I'm tasked with finding the correct input for the phase. I know the input is in the form "%d %d". From what I was able to figure out, the first input must be less than 14, and I believe the second input should be equal to 5. I tried solving it myself and got 10 for the first input and 5 for the second, and that was wrong. Any help would be appreciated.

  • `10 5` is in fact the correct solution. – Jester Mar 01 '19 at 23:28
  • When I run it in my terminal, I have a breakpoint at 0x40115b to keep it from exploding, and when I input 10 5, it reports that it hit that breakpoint. I'm confused about that. – Josh Pokorny Mar 01 '19 at 23:37
  • Logic says that is the correct solution. Also, I have taken what code you posted and tested it. Works fine here. You did not show the format string at `0x40287d` but I assume that is just `"%d %d"`. Put your breakpoint on `0x401154` and `x/wd $rsp+8`. – Jester Mar 01 '19 at 23:42
  • x/wd $rsp+8 returned 5 as expected, and when I stepped through, it went from 59 to 60 to 64. But when I removed the breakpoint and entered 10 5, it hit the breakpoint at 5b (explodes). I'm confused by this. – Josh Pokorny Mar 01 '19 at 23:56
  • I am confused too :) That should not happen. Anyway, does it work outside the debugger? Does it make a difference if you use a hw breakpoint? – Jester Mar 02 '19 at 00:01
  • Interesting, it does work outside the debugger. – Josh Pokorny Mar 02 '19 at 00:10
