This is the asm code (objdump disassembly) for the binary bomb's phase_6.
# phase_6 -- objdump listing, x86-64, AT&T syntax (op src, dst).
#
# Stack frame as used by the code below (0x50 bytes of locals):
#   0x30(%rsp) .. 0x44(%rsp)  six 32-bit numbers; the buffer address is handed
#                             to read_six_numbers in %rsi
#   0x00(%rsp) .. 0x28(%rsp)  six 8-byte node pointers, one per input number
#
# Stages:
#   1. every number must satisfy 1 <= n <= 6 and all six must be distinct
#   2. number n is turned into a pointer by starting at 0x6042f0 and following
#      the pointer at offset 8 (n - 1) times
#   3. the six nodes are relinked in the order the numbers were entered
#   4. walking the relinked list, the 32-bit value at offset 0 of each node
#      must be >= the value of the node after it
00000000004010ca <phase_6>:
# Prologue: save the callee-saved registers used below and reserve locals.
4010ca: 41 56 push %r14
4010cc: 41 55 push %r13
4010ce: 41 54 push %r12
4010d0: 55 push %rbp
4010d1: 53 push %rbx
4010d2: 48 83 ec 50 sub $0x50,%rsp
# %rsi = &nums[0]. %rdi is not modified before the call, so the callee receives
# whatever phase_6 was given (presumably the input line -- confirm in the caller).
4010d6: 48 8d 74 24 30 lea 0x30(%rsp),%rsi
4010db: e8 68 04 00 00 callq 401548 <read_six_numbers>
# ---- Stage 1: range and uniqueness checks ----
# %r12 = cursor = &nums[0]; %r14 = &nums[5] (0x14 = 5 * 4);
# %r13 = index of the first element after the cursor.
4010e0: 4c 8d 64 24 30 lea 0x30(%rsp),%r12
4010e5: 4d 8d 74 24 14 lea 0x14(%r12),%r14
4010ea: 41 bd 01 00 00 00 mov $0x1,%r13d
4010f0: eb 28 jmp 40111a <phase_6+0x50>
# Out-of-range path, reached from the `ja` at 401127.
4010f2: e8 1b 04 00 00 callq 401512 <explode_bomb>
4010f7: eb 30 jmp 401129 <phase_6+0x5f>
# Duplicate path, reached from 401110 when nums[rbx] == *cursor.
4010f9: e8 14 04 00 00 callq 401512 <explode_bomb>
# Inner loop: compare the cursor element with every later element nums[rbx],
# for rbx = r13 .. 5.
4010fe: 48 83 c3 01 add $0x1,%rbx
401102: 83 fb 05 cmp $0x5,%ebx
401105: 7f 0b jg 401112 <phase_6+0x48>
401107: 8b 44 9c 30 mov 0x30(%rsp,%rbx,4),%eax
40110b: 39 45 00 cmp %eax,0x0(%rbp)
40110e: 75 ee jne 4010fe <phase_6+0x34>
401110: eb e7 jmp 4010f9 <phase_6+0x2f>
# Advance the cursor to the next number.
401112: 49 83 c5 01 add $0x1,%r13
401116: 49 83 c4 04 add $0x4,%r12
# Range check: %eax = *cursor - 1, then an UNSIGNED compare against 5.
# `ja` fires when (unsigned)(n - 1) > 5, so the accepted values are 1..6;
# 0 and negative inputs wrap to large unsigned values and are rejected.
40111a: 4c 89 e5 mov %r12,%rbp
40111d: 41 8b 04 24 mov (%r12),%eax
401121: 83 e8 01 sub $0x1,%eax
401124: 83 f8 05 cmp $0x5,%eax
401127: 77 c9 ja 4010f2 <phase_6+0x28>
# Cursor on the last element: nothing is left to compare it with, stage 1 ends.
# (The last element has still been range-checked just above.)
401129: 4d 39 f4 cmp %r14,%r12
40112c: 74 05 je 401133 <phase_6+0x69>
40112e: 4c 89 eb mov %r13,%rbx
401131: eb d4 jmp 401107 <phase_6+0x3d>
# ---- Stage 2: map each number to a node pointer ----
# %rsi = i. For each i: %ecx = nums[i], %eax = 1 (hop counter),
# %rdx = 0x6042f0 (first node). nums[i] is used as entered; this listing
# applies no transformation to it before the lookup.
401133: be 00 00 00 00 mov $0x0,%esi
401138: 8b 4c b4 30 mov 0x30(%rsp,%rsi,4),%ecx
40113c: b8 01 00 00 00 mov $0x1,%eax
401141: ba f0 42 60 00 mov $0x6042f0,%edx
# nums[i] <= 1 keeps the first node; otherwise follow the 8-byte pointer at
# offset 8 until the counter equals nums[i], i.e. nums[i] - 1 hops.
401146: 83 f9 01 cmp $0x1,%ecx
401149: 7e 0b jle 401156 <phase_6+0x8c>
40114b: 48 8b 52 08 mov 0x8(%rdx),%rdx
40114f: 83 c0 01 add $0x1,%eax
401152: 39 c8 cmp %ecx,%eax
401154: 75 f5 jne 40114b <phase_6+0x81>
# ptrs[i] = %rdx, stored at (%rsp + i*8); repeat for i = 0..5.
401156: 48 89 14 f4 mov %rdx,(%rsp,%rsi,8)
40115a: 48 83 c6 01 add $0x1,%rsi
40115e: 48 83 fe 06 cmp $0x6,%rsi
401162: 75 d4 jne 401138 <phase_6+0x6e>
# ---- Stage 3: relink the nodes in input order ----
# %rbx = ptrs[0] becomes the new head. Each store writes offset 8 of ptrs[k]
# with ptrs[k+1], for k = 0..4.
401164: 48 8b 1c 24 mov (%rsp),%rbx
401168: 48 8b 44 24 08 mov 0x8(%rsp),%rax
40116d: 48 89 43 08 mov %rax,0x8(%rbx)
401171: 48 8b 54 24 10 mov 0x10(%rsp),%rdx
401176: 48 89 50 08 mov %rdx,0x8(%rax)
40117a: 48 8b 44 24 18 mov 0x18(%rsp),%rax
40117f: 48 89 42 08 mov %rax,0x8(%rdx)
401183: 48 8b 54 24 20 mov 0x20(%rsp),%rdx
401188: 48 89 50 08 mov %rdx,0x8(%rax)
40118c: 48 8b 44 24 28 mov 0x28(%rsp),%rax
401191: 48 89 42 08 mov %rax,0x8(%rdx)
# Terminate the list: offset 8 of ptrs[5] = 0. The next listing line (40119c)
# is the last byte of this instruction's encoding, not a separate instruction.
401195: 48 c7 40 08 00 00 00 movq $0x0,0x8(%rax)
40119c: 00
# ---- Stage 4: order check over the relinked list ----
# %ebp = 5 adjacent pairs to test, %rbx = current node (starts at the head).
40119d: bd 05 00 00 00 mov $0x5,%ebp
4011a2: eb 09 jmp 4011ad <phase_6+0xe3>
# Step to the next node; leave the loop after the fifth pair.
4011a4: 48 8b 5b 08 mov 0x8(%rbx),%rbx
4011a8: 83 ed 01 sub $0x1,%ebp
4011ab: 74 11 je 4011be <phase_6+0xf4>
# %eax = 32-bit value at offset 0 of the NEXT node. `cmp %eax,(%rbx)` computes
# current - next, and `jge` is a signed test, so the pair passes when
# current >= next. The relinked list therefore has to be in non-increasing
# order of the value at offset 0; the dword at offset 4 is never read here.
4011ad: 48 8b 43 08 mov 0x8(%rbx),%rax
4011b1: 8b 00 mov (%rax),%eax
4011b3: 39 03 cmp %eax,(%rbx)
4011b5: 7d ed jge 4011a4 <phase_6+0xda>
4011b7: e8 56 03 00 00 callq 401512 <explode_bomb>
4011bc: eb e6 jmp 4011a4 <phase_6+0xda>
# Epilogue: release locals and restore registers in reverse push order.
4011be: 48 83 c4 50 add $0x50,%rsp
4011c2: 5b pop %rbx
4011c3: 5d pop %rbp
4011c4: 41 5c pop %r12
4011c6: 41 5d pop %r13
4011c8: 41 5e pop %r14
4011ca: c3 retq
From my analysis, this phase requires entering 6 non-identical numbers, each less than 6, separated by spaces, in the format `%d %d %d %d %d %d`.
So I entered `1 2 3 4 5 6` and ran `until *0x04011a2`.
(gdb) until *0x04011a2
0x00000000004011a2 in phase_6 ()
1: x/i $pc
=> 0x4011a2 <phase_6+216>: jmp 0x4011ad <phase_6+227>
(gdb) x/3x $rbx
0x6042f0 <node1>: 0x000002d8 0x00000001 0x00604300
(gdb) x/3x *($rbx+8)
0x604300 <node2>: 0x000003cf 0x00000002 0x00604310
(gdb) x/3x *(*($rbx+8)+8)
0x604310 <node3>: 0x00000369 0x00000003 0x00604320
(gdb) x/3x *(*(*($rbx+8)+8)+8)
0x604320 <node4>: 0x000001cc 0x00000004 0x00604330
(gdb) x/3x *(*(*(*($rbx+8)+8)+8)+8)
0x604330 <node5>: 0x00000265 0x00000005 0x00604340
(gdb) x/3x *(*(*(*(*($rbx+8)+8)+8)+8)+8)
0x604340 <node6>: 0x00000294 0x00000006 0x00000000
Based on the above results, I entered `4 5 6 1 3 2` and `2 3 1 6 5 4`, but both blew up. What am I doing wrong?
Unlike other similar bomb lab phase_6 problems, there does not appear to be any part that applies a transformation such as f(x) = N - x ...
Did I misunderstand something while solving it?