Assignment - 3 - Bomb
Preparation:
In order to complete this lab, you have to download a VM and run it on Oracle VirtualBox. The Bomb will
explode if you try to run it on a machine other than the provided VM.
• The VM machine image can be downloaded from the following URL:
https://drive.google.com/file/d/1QLhvcIoK5nrkv40PnfHBb1ZKcPlNibBG
• Oracle VirtualBox can be downloaded from the following URL:
https://www.virtualbox.org/wiki/Downloads
Download and install the suitable version of VirtualBox for your operating system.
After installing VirtualBox, you can import the VM into VirtualBox by choosing the File->
Import Appliance option. The user-id for the VM is “user” and the password is also “user”. The VM
has been configured to log in automatically.
For better performance, it is recommended to use the “Scaled Mode” view for the VirtualBox. It has
been observed that resizing the window or changing the screen resolution may decrease the
performance of the virtual machine. VirtualBox Extension Pack 6.1.10 is already installed on the
virtual machine; however, it is recommended to update the VirtualBox Extension Pack.
• Students with M1- or M2-chip-based notebooks should connect to a remote Linux server via ssh to
defuse the binary bombs:
ssh [email protected] -p 4410
Logistics
This is an individual project. All hand-ins are electronic. Clarifications and corrections will be posted on
NYU Brightspace.
Hand-in
Please submit your BombID and solutions for each phase in a single text file to Brightspace. The bomb will
notify your instructor automatically about your progress as you work on it. You can keep track of how you
are doing by looking at the class scoreboard at:
http://DCLAP-V1111-CSD.ABUDHABI.NYU.EDU:15213/scoreboard
This web page is updated automatically every few seconds to show the progress of each bomb.
• Every time you guess wrong, a message is sent to the bomblab server. You could very quickly saturate
the network with these messages and cause the system administrators to revoke your computer access.
• We haven’t told you how long the strings are, nor have we told you what characters are in them. Even
if you made the (incorrect) assumptions that they all are less than 80 characters long and only contain
letters, then you will have 26^80 guesses for each phase. This will take a very long time to run, and
you will not get the answer before the assignment is due.
There are many tools which are designed to help you figure out both how programs work, and what is wrong
when they don’t work. Here is a list of some of the tools you may find useful in analyzing your bomb, and
hints on how to use them.
• gdb
The GNU debugger is a command-line debugger tool available on virtually every platform. You can
trace through a program line by line, examine memory and registers, look at both the source code and
assembly code (we are not giving you the source code for most of your bomb), set breakpoints, set
memory watch points, and write scripts.
The file GDB-CheatSheet.pdf, also posted with the assignment, has a very handy single-page gdb
summary that you can print out and use as a reference. Here are some other tips for using gdb.
– To keep the bomb from blowing up every time you type in a wrong input, you’ll want to learn
how to set breakpoints.
– For online documentation, type “help” at the gdb command prompt, or type “man gdb”, or
“info gdb” at a Unix prompt. Some people also like to run gdb under gdb-mode in emacs.
• objdump -t
This will print out the bomb’s symbol table. The symbol table includes the names of all functions and
global variables in the bomb, the names of all the functions the bomb calls, and their addresses. You
may learn something by looking at the function names!
• objdump -d
Use this to disassemble all of the code in the bomb. You can also just look at individual functions.
Reading the assembler code can tell you how the bomb works.
Although objdump -d gives you a lot of information, it doesn’t tell you the whole story. Calls to
system-level functions are displayed in a cryptic form. For example, a call to sscanf might appear as:
8048c36: e8 99 fc ff ff call 80488d4 <_init+0x1a0>
To determine that the call was to sscanf, you would need to disassemble within gdb.
• strings
This utility will display the printable strings in your bomb.
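To show where the operand 80488d4 in the objdump -d call line above comes from, the following added example (not part of the original handout) decodes the e8 rel32 encoding from the raw bytes objdump prints and checks the result against the printed operand. The second and third sample lines are constructed for illustration.

```python
import re

# One line of `objdump -d` output: address, raw instruction bytes, mnemonic, operands.
LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(\S+)\s*(.*)$")

PAGE_LINE = "8048c36: e8 99 fc ff ff call 80488d4 <_init+0x1a0>"  # from the handout
FORWARD_LINE = "8048b20: e8 0b 00 00 00 call 8048b30 <example>"   # constructed sample
NOT_A_CALL = "8048c3b: 83 c4 10 add $0x10,%esp"                   # constructed sample


def decode_rel32_call(line):
    """Return (target, next_ip, displacement) for an `e8 rel32` call, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    addr = int(m.group(1), 16)
    raw = bytes.fromhex(m.group(2))          # whitespace between bytes is ignored
    if len(raw) != 5 or raw[0] != 0xE8:      # only the 5-byte near relative call
        return None
    # The four bytes after the opcode are a little-endian signed displacement.
    disp = int.from_bytes(raw[1:], "little", signed=True)
    # The displacement is relative to the address of the *next* instruction.
    next_ip = addr + len(raw)
    target = (next_ip + disp) & 0xFFFFFFFF   # wrap to 32 bits
    return target, next_ip, disp


def matches_printed_operand(line):
    """True if the target decoded from the bytes equals the operand objdump printed."""
    decoded = decode_rel32_call(line)
    if decoded is None:
        return False
    printed = int(LINE_RE.match(line).group(4).split()[0], 16)
    return decoded[0] == printed


if __name__ == "__main__":
    for sample in (PAGE_LINE, FORWARD_LINE, NOT_A_CALL):
        result = decode_rel32_call(sample)
        if result is None:
            print(f"{sample!r}: not an e8 rel32 call")
        else:
            target, next_ip, disp = result
            print(f"next ip {next_ip:#x} + disp {disp:#x} -> target {target:#x}")
```

The `<_init+0x1a0>` label only means the target lies 0x1a0 bytes past the nearest preceding symbol, which is why the function name still has to be resolved in gdb.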
Looking for a particular tool? How about documentation? Don’t forget, the commands apropos, man, and
info are your friends. In particular, man ascii might come in useful. info gas will give you more than you
ever wanted to know about the GNU Assembler. The web may also be a treasure trove of information.
If you get stumped, feel free to ask your instructor for help.