gh0s7/csapp2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
CGH0S7
2025-03-06 19:56:12 +08:00
commit 5b6db97133
47 changed files with 8549 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
bomblab/Decompilation.txt Normal file
View File

@@ -0,0 +1,139 @@
bomb_linux 文件格式 elf64-x86-64
SYMBOL TABLE:
0000000000000000 l df *ABS* 0000000000000000 crt1.o
0000000000400354 l O .note.ABI-tag 0000000000000020 __abi_tag
0000000000000000 l df *ABS* 0000000000000000 crtstuff.c
0000000000401230 l F .text 0000000000000000 deregister_tm_clones
0000000000401260 l F .text 0000000000000000 register_tm_clones
00000000004012a0 l F .text 0000000000000000 __do_global_dtors_aux
0000000000408808 l O .bss 0000000000000001 completed.0
0000000000408578 l O .fini_array 0000000000000000 __do_global_dtors_aux_fini_array_entry
00000000004012d0 l F .text 0000000000000000 frame_dummy
0000000000408570 l O .init_array 0000000000000000 __frame_dummy_init_array_entry
0000000000000000 l df *ABS* 0000000000000000 main.c
0000000000000000 l df *ABS* 0000000000000000 phase_impossible.c
0000000000000000 l df *ABS* 0000000000000000 phase1.c
0000000000000000 l df *ABS* 0000000000000000 phase2.c
0000000000000000 l df *ABS* 0000000000000000 phase3.c
0000000000000000 l df *ABS* 0000000000000000 phase4.c
0000000000000000 l df *ABS* 0000000000000000 support.c
0000000000000000 l df *ABS* 0000000000000000 crtstuff.c
000000000040756c l O .eh_frame 0000000000000000 __FRAME_END__
0000000000000000 l df *ABS* 0000000000000000
0000000000408580 l O .dynamic 0000000000000000 _DYNAMIC
0000000000406954 l .eh_frame_hdr 0000000000000000 __GNU_EH_FRAME_HDR
0000000000408760 l O .got.plt 0000000000000000 _GLOBAL_OFFSET_TABLE_
0000000000405a79 g F .text 000000000000005e skip
0000000000000000 F *UND* 0000000000000000 getenv@GLIBC_2.2.5
0000000000401a35 g F .text 000000000000000c goto_buf_2
0000000000000000 F *UND* 0000000000000000 __libc_start_main@GLIBC_2.34
0000000000401a23 g F .text 0000000000000009 goto_buf_0
00000000004087e8 w .data 0000000000000000 data_start
0000000000408840 g O .bss 0000000000005000 input_strings
00000000004023a5 g F .text 00000000000000ce phase_2_9
000000000040383f g F .text 00000000000001b6 phase_3_10
0000000000402214 g F .text 00000000000000ce phase_2_7
0000000000401ef6 g F .text 00000000000000c5 phase_2_3
000000000040207b g F .text 00000000000000cc phase_2_5
0000000000403ddc g F .text 00000000000003ed phase_3_12
0000000000000000 F *UND* 0000000000000000 puts@GLIBC_2.2.5
0000000000401d82 g F .text 00000000000000a4 phase_2_1
0000000000405216 g F .text 00000000000000d3 phase_4_21
00000000004053bc g F .text 00000000000000d3 phase_4_23
0000000000408800 g O .bss 0000000000000008 stdin@GLIBC_2.2.5
0000000000000000 F *UND* 0000000000000000 clock_gettime@GLIBC_2.17
00000000004087fc g .data 0000000000000000 _edata
0000000000405c28 g F .fini 0000000000000000 .hidden _fini
0000000000000000 F *UND* 0000000000000000 strlen@GLIBC_2.2.5
0000000000404e9b g F .text 00000000000000d3 phase_4_12
0000000000404cf5 g F .text 00000000000000d3 phase_4_10
0000000000405041 g F .text 00000000000000d3 phase_4_14
000000000040d840 g O .bss 0000000000000004 num_input_strings
0000000000000000 F *UND* 0000000000000000 printf@GLIBC_2.2.5
0000000000405a1e g F .text 000000000000005b blank_line
0000000000408818 g O .bss 0000000000000008 rand1_l
0000000000408810 g O .bss 0000000000000008 rand1_h
0000000000402893 g F .text 0000000000000128 phase_3
0000000000401b53 g F .text 000000000000003b phase_1
0000000000000000 F *UND* 0000000000000000 memset@GLIBC_2.2.5
000000000040478a g F .text 000000000000010b phase_4_00
0000000000404bb6 g F .text 000000000000010b phase_4_04
0000000000403325 g F .text 00000000000001b0 phase_3_7
0000000000403001 g F .text 0000000000000183 phase_3_5
00000000004049a0 g F .text 000000000000010b phase_4_02
000000000040368b g F .text 00000000000001b4 phase_3_9
0000000000401725 g F .text 0000000000000052 GetTickCount
0000000000402d75 g F .text 000000000000014e phase_3_3
0000000000402683 g F .text 00000000000000ae phase_2_13
00000000004027df g F .text 00000000000000b4 phase_2_15
0000000000402521 g F .text 00000000000000ae phase_2_11
0000000000000000 F *UND* 0000000000000000 fgets@GLIBC_2.2.5
0000000000405bf6 g F .text 0000000000000030 explode_bomb
0000000000402aee g F .text 0000000000000139 phase_3_1
00000000004087e8 g .data 0000000000000000 __data_start
0000000000000000 F *UND* 0000000000000000 strcmp@GLIBC_2.2.5
0000000000405592 g F .text 00000000000000d3 phase_4_30
00000000004058dc g F .text 00000000000000d3 phase_4_34
0000000000405736 g F .text 00000000000000d3 phase_4_32
0000000000000000 w *UND* 0000000000000000 __gmon_start__
0000000000405114 g F .text 000000000000002f func4_2
0000000000404749 g F .text 0000000000000041 func4_0
00000000004087f0 g O .data 0000000000000000 .hidden __dso_handle
0000000000406000 g O .rodata 0000000000000004 _IO_stdin_used
0000000000401a2c g F .text 0000000000000009 goto_buf_1
0000000000408820 g O .bss 0000000000000008 rand_div
00000000004087f8 g O .data 0000000000000004 result
0000000000000000 F *UND* 0000000000000000 __isoc99_sscanf@GLIBC_2.7
00000000004022e2 g F .text 00000000000000c3 phase_2_8
0000000000402147 g F .text 00000000000000cd phase_2_6
00000000004039f5 g F .text 00000000000003e7 phase_3_11
0000000000401fbb g F .text 00000000000000c0 phase_2_4
00000000004041c9 g F .text 00000000000003f2 phase_3_13
000000000040d848 g .bss 0000000000000000 _end
0000000000401220 g F .text 0000000000000005 .hidden _dl_relocate_static_pie
0000000000401e26 g F .text 00000000000000d0 phase_2_2
00000000004011f0 g F .text 0000000000000026 _start
00000000004052e9 g F .text 00000000000000d3 phase_4_22
0000000000401cd8 g F .text 00000000000000aa phase_2_0
0000000000405143 g F .text 00000000000000d3 phase_4_20
000000000040548f g F .text 00000000000000d3 phase_4_24
0000000000408828 g O .bss 0000000000000008 infile
00000000004087fc g .bss 0000000000000000 __bss_start
0000000000401a41 g F .text 000000000000004a check_buf_valid
00000000004012d6 g F .text 00000000000003d7 main
0000000000401aad g F .text 00000000000000a6 GenerateRandomString
0000000000405ad7 g F .text 000000000000011f read_line
0000000000404f6e g F .text 00000000000000d3 phase_4_13
0000000000404dc8 g F .text 00000000000000d3 phase_4_11
00000000004045bb g F .text 000000000000018e phase_4
0000000000000000 F *UND* 0000000000000000 fopen@GLIBC_2.2.5
0000000000401b8e g F .text 000000000000014a phase_2
0000000000000000 F *UND* 0000000000000000 atoi@GLIBC_2.2.5
0000000000401777 g F .text 000000000000019c phase_impossible
0000000000000000 F *UND* 0000000000000000 sprintf@GLIBC_2.2.5
0000000000000000 F *UND* 0000000000000000 exit@GLIBC_2.2.5
00000000004034d5 g F .text 00000000000001b6 phase_3_8
0000000000404aab g F .text 000000000000010b phase_4_03
0000000000408800 g O .data 0000000000000000 .hidden __TMC_END__
0000000000404895 g F .text 000000000000010b phase_4_01
0000000000403184 g F .text 00000000000001a1 phase_3_6
0000000000402c27 g F .text 000000000000014e phase_3_2
0000000000402731 g F .text 00000000000000ae phase_2_14
0000000000402ec3 g F .text 000000000000013e phase_3_4
0000000000402473 g F .text 00000000000000ae phase_2_10
00000000004025cf g F .text 00000000000000b4 phase_2_12
00000000004029bb g F .text 0000000000000133 phase_3_0
00000000004016ad g F .text 0000000000000078 GenerateRandomNumber
0000000000401000 g F .init 0000000000000000 .hidden _init
0000000000401a8b g F .text 0000000000000022 phase_secret
00000000004059af g F .text 000000000000006f read_six_numbers
0000000000405809 g F .text 00000000000000d3 phase_4_33
0000000000405665 g F .text 00000000000000d1 phase_4_31
0000000000404cc1 g F .text 0000000000000034 func4_1
0000000000401913 g F .text 0000000000000110 tohex
0000000000405562 g F .text 0000000000000030 func4_3
0000000000000000 F *UND* 0000000000000000 __ctype_b_loc@GLIBC_2.3

BIN
bomblab/IDA Pro 快速指南.docx Normal file
View File

Binary file not shown.

27
bomblab/Readme.txt Normal file
View File

@@ -0,0 +1,27 @@
请使用IDA Pro工具反汇编bomb.exe
并调试该程序。
bomb.exe将要求你输入多个密码只有输入正确的密码才能继续执行程序否则将“爆炸”。
利用IDA Pro的反汇编、调试功能你应该可以破解该炸弹
bomb.exe需要一个参数这个参数是你学号的后6位例如092224
bomb.exe 092224
超级二进制炸弹2024版欢迎你
你需要不断依据提示,输入信息,以便解除二进制炸弹,一旦出错,哇哈哈....
以前尝试正确的密码可以写入到bomb.key文件中一个密码一行
请输入第1级的密码dfaadfddfdf
牛刀小试~你已经通过了第1级考验
请输入第2级的密码1 3 4 5 7 8 10
不错不错~你已经通过了第2级考验
请输入第3级的密码1 3 4 5 7 8 10
今夜没加班? 你已经通过了第3级考验
请输入第4级的密码1 3 4 5 7 8 10
完美了~你已经通过了第4级考验
二进制炸弹之不可能任务你的选择是继续前行Y或者放弃N
友情提示:后面的代码,涉及到反调试、动态生成指令等,所以你要有思想准备......
不可能任务,请输入突防指令:
12345
你已经通过了第5级考验完成了不可能完成任务终极考验
不可能的...不可能的...指令和数据的世界已经混乱...SOS...

BIN
bomblab/X86汇编指令速查.xlsx Normal file
View File

Binary file not shown.

5240
bomblab/bomb.asm Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
bomblab/bomb.exe Normal file
View File

Binary file not shown.

6
bomblab/bomb_723005.txt Normal file
View File

@@ -0,0 +1,6 @@
mJHurpQZtY
47 47 47 47 47 47
2 -41
38000
Y
48B8F887400000000000C700FC03000048C704249618400048B88B1A400000000000FFE051

0
bomblab/bomb_decompile.gpr Normal file
View File

11
bomblab/bomb_decompile.rep/idata/00/00000000.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="c0a82b469b8f17134149581882" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="bomb_linux" />
</BASIC_INFO>
</FILE_INFO>

BIN
bomblab/bomb_decompile.rep/idata/00/~00000000.db/db.2.gbf Normal file
View File

Binary file not shown.

5
bomblab/bomb_decompile.rep/idata/~index.bak Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000000:bomb_linux:c0a82b469b8f17134149581882
NEXT-ID:1
MD5:d41d8cd98f00b204e9800998ecf8427e

5
bomblab/bomb_decompile.rep/idata/~index.dat Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000000:bomb_linux:c0a82b469b8f17134149581882
NEXT-ID:1
MD5:d41d8cd98f00b204e9800998ecf8427e

6
bomblab/bomb_decompile.rep/project.prp Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="OWNER" TYPE="string" VALUE="gh0s7" />
</BASIC_INFO>
</FILE_INFO>

15
bomblab/bomb_decompile.rep/projectState Normal file
View File

@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<PROJECT>
<PROJECT_DATA_XML_NAME NAME="DISPLAY_DATA">
<SAVE_STATE>
<ARRAY NAME="EXPANDED_PATHS" TYPE="string">
<A VALUE="bomb_decompile:" />
</ARRAY>
<STATE NAME="SHOW_TABLE" TYPE="boolean" VALUE="true" />
</SAVE_STATE>
</PROJECT_DATA_XML_NAME>
<TOOL_MANAGER ACTIVE_WORKSPACE="Workspace">
<WORKSPACE NAME="Workspace" ACTIVE="true" />
</TOOL_MANAGER>
</PROJECT>

11
bomblab/bomb_decompile.rep/user/00/00000000.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="ProgramUserData" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="c0a82b46af9f17465853183772" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="udf_c0a82b469b8f17134149581882" />
</BASIC_INFO>
</FILE_INFO>

BIN
bomblab/bomb_decompile.rep/user/00/~00000000.db/db.7.gbf Normal file
View File

Binary file not shown.

4
bomblab/bomb_decompile.rep/user/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

5
bomblab/bomb_decompile.rep/user/~index.dat Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000000:udf_c0a82b469b8f17134149581882:c0a82b46af9f17465853183772
NEXT-ID:1
MD5:d41d8cd98f00b204e9800998ecf8427e

2
bomblab/bomb_decompile.rep/user/~journal.bak Normal file
View File

@@ -0,0 +1,2 @@
IADD:00000000:/udf_c0a82b469b8f17134149581882
IDSET:/udf_c0a82b469b8f17134149581882:c0a82b46af9f17465853183772

4
bomblab/bomb_decompile.rep/versioned/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

4
bomblab/bomb_decompile.rep/versioned/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

BIN
bomblab/bomb_linux Executable file
View File

Binary file not shown.

25
bomblab/phase_2_14.c Normal file
View File

@@ -0,0 +1,25 @@
void phase_2_14(undefined8 param_1)
{
int local_28 [7];
int local_c;
read_six_numbers(param_1,local_28);
GenerateRandomNumber(0x32);
if ((long)local_28[0] != rand_div + 0x10) {
explode_bomb();
}
for (local_c = 0; local_c < 6; local_c = local_c + 1) {
if (local_28[local_c] < 0) {
explode_bomb();
}
}
for (local_c = 1; local_c < 6; local_c = local_c + 1) {
if ((local_28[local_c + -1] < local_28[local_c]) || (local_28[local_c] < 1)) {
explode_bomb();
}
}
return;
}

200
bomblab/strings_in_bomb.txt Normal file
View File

@@ -0,0 +1,200 @@
/lib64/ld-linux-x86-64.so.2
fgets
__libc_start_main
strcmp
atoi
fopen
memset
__ctype_b_loc
puts
strlen
getenv
sprintf
stdin
exit
__isoc99_sscanf
clock_gettime
libc.so.6
GLIBC_2.3
GLIBC_2.7
GLIBC_2.17
GLIBC_2.34
GLIBC_2.2.5
__gmon_start__
PTE1
2024
============================
....
bomb_
.txt
bomb_%s.txt
....
1 2 3 4 5 6
......
....
%08lX
%08X
....
...SOS...
%d %d
%d %c %d
%d %d %d %d %d %d
GRADE_BOMB
.....
:*3$"
GCC: (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
crt1.o
__abi_tag
crtstuff.c
deregister_tm_clones
__do_global_dtors_aux
completed.0
__do_global_dtors_aux_fini_array_entry
frame_dummy
__frame_dummy_init_array_entry
main.c
phase_impossible.c
phase1.c
phase2.c
phase3.c
phase4.c
support.c
__FRAME_END__
_DYNAMIC
__GNU_EH_FRAME_HDR
_GLOBAL_OFFSET_TABLE_
skip
getenv@GLIBC_2.2.5
goto_buf_2
__libc_start_main@GLIBC_2.34
goto_buf_0
phase_2_9
phase_3_10
phase_2_7
phase_2_3
phase_2_5
phase_3_12
puts@GLIBC_2.2.5
phase_2_1
phase_4_21
phase_4_23
stdin@GLIBC_2.2.5
clock_gettime@GLIBC_2.17
_edata
_fini
strlen@GLIBC_2.2.5
phase_4_12
phase_4_10
phase_4_14
num_input_strings
blank_line
rand1_l
rand1_h
phase_3
phase_1
memset@GLIBC_2.2.5
phase_4_00
phase_4_04
phase_3_7
phase_3_5
phase_4_02
phase_3_9
GetTickCount
phase_3_3
phase_2_13
phase_2_15
phase_2_11
fgets@GLIBC_2.2.5
explode_bomb
phase_3_1
__data_start
strcmp@GLIBC_2.2.5
phase_4_30
phase_4_34
phase_4_32
__gmon_start__
func4_2
func4_0
__dso_handle
_IO_stdin_used
goto_buf_1
rand_div
result
__isoc99_sscanf@GLIBC_2.7
phase_2_8
phase_2_6
phase_3_11
phase_2_4
phase_3_13
_end
_dl_relocate_static_pie
phase_2_2
phase_4_22
phase_2_0
phase_4_20
phase_4_24
infile
__bss_start
check_buf_valid
main
GenerateRandomString
read_line
phase_4_13
phase_4_11
phase_4
fopen@GLIBC_2.2.5
phase_2
atoi@GLIBC_2.2.5
phase_impossible
sprintf@GLIBC_2.2.5
exit@GLIBC_2.2.5
phase_3_8
phase_4_03
__TMC_END__
phase_4_01
phase_3_6
phase_3_2
phase_2_14
phase_3_4
phase_2_10
phase_2_12
phase_3_0
GenerateRandomNumber
_init
phase_secret
read_six_numbers
phase_4_33
phase_4_31
func4_1
tohex
func4_3
__ctype_b_loc@GLIBC_2.3
.symtab
.strtab
.shstrtab
.interp
.note.gnu.property
.note.gnu.build-id
.note.ABI-tag
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.init
.plt.sec
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.dynamic
.got
.got.plt
.data
.bss
.comment

BIN
bomblab/计算机系统-实验2.pptx Normal file
View File

Binary file not shown.