Lab 02: Reverse this!
Table of Contents
Submission Instructions
Submission instructions for labs can be found on the resource pages. In paticular, you should view this subsection: Creating a new branch and submitting
Part 1: Beef Fooey (1 point + 1 point)
Description
- Given the dissaembled object file, complete the c program to get the desired resultskextract the instructions, and write an equivalent program in c.
preliminaries
- The assignment can be completed on any machine
- gitlab repository
http://saddleback.academy.usna.edu/aviv/lab-2.1
Instructions
- fork and clone the repo
- You will find two files
main.c: a file containing the main programfoo.c: a blank file which you will in
- Complete
foo.csuch that the C code matches the following disassembly0000000 <foo>: 0: 55 push ebp 1: 89 e5 mov ebp,esp 3: 8b 45 0c mov eax,DWORD PTR [ebp+0xc] 6: c1 e0 0b shl eax,0xb 9: 83 c0 61 add eax,0x61 c: 01 45 08 add DWORD PTR [ebp+0x8],eax f: 8b 45 0c mov eax,DWORD PTR [ebp+0xc] 12: c1 e0 0e shl eax,0xe 15: 83 c0 76 add eax,0x76 18: 01 45 08 add DWORD PTR [ebp+0x8],eax 1b: 8b 45 0c mov eax,DWORD PTR [ebp+0xc] 1e: c1 e0 0e shl eax,0xe 21: 83 c0 79 add eax,0x79 24: 01 45 08 add DWORD PTR [ebp+0x8],eax 27: 8b 45 0c mov eax,DWORD PTR [ebp+0xc] 2a: c1 e0 0f shl eax,0xf 2d: 83 c0 21 add eax,0x21 30: 01 45 08 add DWORD PTR [ebp+0x8],eax 33: 8b 45 08 mov eax,DWORD PTR [ebp+0x8] 36: 5d pop ebp 37: c3 ret
- If completed properly, you should expect the following output from executing main:
user@si485H-base:2.1$ for i in `seq 1 1 5`; do for j in `seq 1 1 5`; do ./main $i $j; done; done foo(0x1,0x1) = 0x00010972 foo(0x1,0x2) = 0x00021172 foo(0x1,0x3) = 0x00031972 foo(0x1,0x4) = 0x00042172 foo(0x1,0x5) = 0x00052972 foo(0x2,0x1) = 0x00010973 foo(0x2,0x2) = 0x00021173 foo(0x2,0x3) = 0x00031973 foo(0x2,0x4) = 0x00042173 foo(0x2,0x5) = 0x00052973 foo(0x3,0x1) = 0x00010974 foo(0x3,0x2) = 0x00021174 foo(0x3,0x3) = 0x00031974 foo(0x3,0x4) = 0x00042174 foo(0x3,0x5) = 0x00052974 foo(0x4,0x1) = 0x00010975 foo(0x4,0x2) = 0x00021175 foo(0x4,0x3) = 0x00031975 foo(0x4,0x4) = 0x00042175 foo(0x4,0x5) = 0x00052975 foo(0x5,0x1) = 0x00010976 foo(0x5,0x2) = 0x00021176 foo(0x5,0x3) = 0x00031976 foo(0x5,0x4) = 0x00042176 foo(0x5,0x5) = 0x00052976
Submission Requirements
main.cmain programfoo.cfoo function
Bonus 1 point
- There is a hidden message in the instructions (hint: it's not "beef", but you're on the right track)
- If you cracked the message, create a
solution.jsonfile in your repo with the following fields:
msg : secret message desc : description of how the message was encoded
Part 2: Shifty Fooey (1 point)
Description
- Given the dissaembled object file, complete the c program to get the desired resultskextract the instructions, and write an equivalent program in c.
preliminaries
- The assignment can be completed on any machine
- gitlab repository
http://saddleback.academy.usna.edu/aviv/lab-2.2
Instructions
- fork and clone the repo
- You will find two files
main.c: a file containing the main programfoo.c: a blank file which you will in
- Complete
foo.csuch that the C code matches the following disassembly00000000 <foo>: 0: 55 push ebp 1: 89 e5 mov ebp,esp 3: 83 ec 10 sub esp,0x10 6: 8b 45 08 mov eax,DWORD PTR [ebp+0x8] 9: 0f b6 c0 movzx eax,al c: 89 45 fc mov DWORD PTR [ebp-0x4],eax f: 8b 45 08 mov eax,DWORD PTR [ebp+0x8] 12: 25 00 ff 00 00 and eax,0xff00 17: 89 45 f8 mov DWORD PTR [ebp-0x8],eax 1a: 8b 45 08 mov eax,DWORD PTR [ebp+0x8] 1d: 25 00 00 ff 00 and eax,0xff0000 22: 89 45 f4 mov DWORD PTR [ebp-0xc],eax 25: 8b 45 08 mov eax,DWORD PTR [ebp+0x8] 28: 25 00 00 00 ff and eax,0xff000000 2d: 89 45 f0 mov DWORD PTR [ebp-0x10],eax 30: c1 6d f0 18 shr DWORD PTR [ebp-0x10],0x18 34: c1 65 f4 08 shl DWORD PTR [ebp-0xc],0x8 38: c1 65 fc 10 shl DWORD PTR [ebp-0x4],0x10 3c: 81 75 f8 00 ff 00 00 xor DWORD PTR [ebp-0x8],0xff00 43: 8b 45 f8 mov eax,DWORD PTR [ebp-0x8] 46: 8b 55 fc mov edx,DWORD PTR [ebp-0x4] 49: 09 d0 or eax,edx 4b: 0b 45 f4 or eax,DWORD PTR [ebp-0xc] 4e: 0b 45 f0 or eax,DWORD PTR [ebp-0x10] 51: c9 leave 52: c3 ret
- If completed properly, you should expect the following output from executing main:
aviv@si485H-saddleback:2.2$ ./main 0xcafebabe foo(0xcafebabe) = 0xfebe45ca aviv@si485H-saddleback:2.2$ ./main 0xdeadbeef foo(0xdeadbeef) = 0xadef41de
Submission Requirements
main.cmain programfoo.cfoo function
Part 3: Pointy Fooey (2 point)
Description
- Given the dissaembled object file, complete the c program to get the desired resultskextract the instructions, and write an equivalent program in c.
preliminaries
- The assignment can be completed on any machine
- gitlab repository
http://saddleback.academy.usna.edu/aviv/lab-2.3
Instructions
- fork and clone the repo
- You will find two files
main.c: a file containing the main programfoo.c: a blank file which you will in
- Complete
foo.csuch that the C code matches the following disassembly00000000 <foo>: 0: 55 push ebp 1: 89 e5 mov ebp,esp 3: 83 ec 10 sub esp,0x10 6: 8b 45 08 mov eax,DWORD PTR [ebp+0x8] 9: 89 45 f8 mov DWORD PTR [ebp-0x8],eax c: eb 04 jmp 12 <foo+0x12> e: 83 45 f8 01 add DWORD PTR [ebp-0x8],0x1 12: 8b 45 f8 mov eax,DWORD PTR [ebp-0x8] 15: 0f b6 00 movzx eax,BYTE PTR [eax] 18: 84 c0 test al,al 1a: 75 f2 jne e <foo+0xe> 1c: 83 6d f8 01 sub DWORD PTR [ebp-0x8],0x1 20: 8b 45 08 mov eax,DWORD PTR [ebp+0x8] 23: 89 45 fc mov DWORD PTR [ebp-0x4],eax 26: eb 25 jmp 4d <foo+0x4d> 28: 8b 45 fc mov eax,DWORD PTR [ebp-0x4] 2b: 0f b6 00 movzx eax,BYTE PTR [eax] 2e: 88 45 f7 mov BYTE PTR [ebp-0x9],al 31: 8b 45 f8 mov eax,DWORD PTR [ebp-0x8] 34: 0f b6 10 movzx edx,BYTE PTR [eax] 37: 8b 45 fc mov eax,DWORD PTR [ebp-0x4] 3a: 88 10 mov BYTE PTR [eax],dl 3c: 8b 45 f8 mov eax,DWORD PTR [ebp-0x8] 3f: 0f b6 55 f7 movzx edx,BYTE PTR [ebp-0x9] 43: 88 10 mov BYTE PTR [eax],dl 45: 83 45 fc 01 add DWORD PTR [ebp-0x4],0x1 49: 83 6d f8 01 sub DWORD PTR [ebp-0x8],0x1 4d: 8b 45 fc mov eax,DWORD PTR [ebp-0x4] 50: 3b 45 f8 cmp eax,DWORD PTR [ebp-0x8] 53: 72 d3 jb 28 <foo+0x28> 55: 90 nop 56: c9 leave 57: c3 ret
- No sample output is provided for this one, you must complete the following solution.json:
{ "description" : "Program description" "input1" : "", "output1" : "", "input2": "", "output2": "", } - Note, it is important that your solution uses pointer arithmetic and not indexing,
Submission Requirements
main.cmain programfoo.cfoo functionsolution.jsonsolution information
Part 4: Hash Fooey (3 points)
Description
- Given the dissaembled object file, complete the c program to get the desired resultskextract the instructions, and write an equivalent program in c.
preliminaries
- The assignment can be completed on any machine
- gitlab repository
http://saddleback.academy.usna.edu/aviv/lab-2.4
Instructions
- fork and clone the repo
- You will find two files
main.c: a file containing the main programfoo.c: a blank file which you will in
- Complete
foo.csuch that the C code matches the functionality of the following disassembled output.
0x08048493 <+0>: push ebp 0x08048494 <+1>: mov ebp,esp 0x08048496 <+3>: push ebx 0x08048497 <+4>: sub esp,0x24 0x0804849a <+7>: mov WORD PTR [ebp-0xa],0x0 0x080484a0 <+13>: mov DWORD PTR [ebp-0x10],0x0 0x080484a7 <+20>: jmp 0x80484e6 <foo+83> 0x080484a9 <+22>: mov edx,DWORD PTR [ebp-0x10] 0x080484ac <+25>: mov eax,DWORD PTR [ebp+0x8] 0x080484af <+28>: add eax,edx 0x080484b1 <+30>: mov DWORD PTR [ebp-0x14],eax 0x080484b4 <+33>: mov eax,DWORD PTR [ebp-0x14] 0x080484b7 <+36>: movzx eax,WORD PTR [eax] 0x080484ba <+39>: xor WORD PTR [ebp-0xa],ax 0x080484be <+43>: movzx eax,WORD PTR [ebp-0xa] 0x080484c2 <+47>: shr ax,0x8 0x080484c6 <+51>: mov edx,eax 0x080484c8 <+53>: movzx eax,WORD PTR [ebp-0xa] 0x080484cc <+57>: shl eax,0x8 0x080484cf <+60>: or eax,edx 0x080484d1 <+62>: mov WORD PTR [ebp-0xa],ax 0x080484d5 <+66>: movzx eax,WORD PTR [ebp-0xa] 0x080484d9 <+70>: imul ax,ax,0xa7a7 0x080484de <+75>: mov WORD PTR [ebp-0xa],ax 0x080484e2 <+79>: add DWORD PTR [ebp-0x10],0x2 0x080484e6 <+83>: mov ebx,DWORD PTR [ebp-0x10] 0x080484e9 <+86>: mov eax,DWORD PTR [ebp+0x8] 0x080484ec <+89>: mov DWORD PTR [esp],eax 0x080484ef <+92>: call 0x8048330 <strlen@plt> 0x080484f4 <+97>: cmp ebx,eax 0x080484f6 <+99>: jb 0x80484a9 <foo+22> 0x080484f8 <+101>: movzx eax,WORD PTR [ebp-0xa] 0x080484fc <+105>: add esp,0x24 0x080484ff <+108>: pop ebx 0x08048500 <+109>: pop ebp 0x08048501 <+110>: ret
- If implemented properly, you should expect the following output
aviv@si485H-saddleback:2.4$ ./main "H"
hash("H") = 0xf800
aviv@si485H-saddleback:2.4$ ./main "He"
hash("He") = 0x1ce3
aviv@si485H-saddleback:2.4$ ./main "Hel"
hash("Hel") = 0x9f44
aviv@si485H-saddleback:2.4$ ./main "Hell"
hash("Hell") = 0xa210
aviv@si485H-saddleback:2.4$ ./main "Hello"
hash("Hello") = 0xf0ae
aviv@si485H-saddleback:2.4$ ./main "Hello "
hash("Hello ") = 0xfbce
aviv@si485H-saddleback:2.4$ ./main "Hello W"
hash("Hello W") = 0x2fbd
aviv@si485H-saddleback:2.4$ ./main "Hello Wo"
hash("Hello Wo") = 0xbb8c
aviv@si485H-saddleback:2.4$ ./main "Hello Wor"
hash("Hello Wor") = 0x28fd
aviv@si485H-saddleback:2.4$ ./main "Hello Worl"
hash("Hello Worl") = 0x7f41
aviv@si485H-saddleback:2.4$ ./main "Hello World"
hash("Hello World") = 0x4ed9
Submission Requirements
main.cmain programfoo.cfoo function completed
Hints
- If you see a command you may not know already, e.g.,
imulorjb, you should look up what it does. - Note the types in the function declaration of
foo(): shorts can overflow in multiplication if the result is greater than 0xFFFF.