Welcome to CS 3210's Bomb Lab

This lab is about learning to use GDB effectively on a real binary. You are not expected to brute force inputs. The goal is to use GDB to reverse engineer and understand the program’s control flow, data, and logic well enough to defuse each phase.

---

Description

You must read the contents of a secret flag planted at /flag.txt. Only root has access to it; luckily a special binary is given to you to help you read the file. However, to use it properly, you must give it 3 secret passphrases or else get blown up.

Use GDB to learn how the secret passphrases and get access to the flag!

Note: you will be quizzed on the things you learn in this lab!

---

Files

• bomb — the executable you will run and debug
• bomb.c — optional / reference

Run the bomb with:

./bomb

---

Strategy (High-Level)

For each phase:

1. Run the bomb under GDB

2. Set a breakpoint at the phase function

3. Step through instructions

4. Identify:

   • required input format
   • comparisons and constraints
   • success vs failure paths

5. Craft the correct input and move on

Take notes per phase.

---

Starting GDB

gdb ./bomb

Useful startup settings:

layout asm
layout regs

If your terminal gets messed up, hit ctrl + l to reset it.

---

Core GDB Commands (Cheat Sheet)

Running

start             # set a temporary breakpoint at the first instruction and begin execution
[r]un             # start program
[c]ontinue        # resume execution
quit

Breakpoints

[b]reak main
[b]reak phase_1
[b]reak *0x40123a         # breakpoint at address
[i]nfo breakpoints
[d]elete 1                # delete breakpoint 1
disable 1 / enable 1

Stepping

step               # step into (source-level)
next               # step over (source-level)
stepi / si         # step one instruction
nexti / ni         # step over instruction
finish             # run until function returns

Disassembly

[disas]semble

disassemble phase_2
x/20i $rip          # inspect instructions at RIP

Registers

[i]nfo registers
p $rax
p/x $rip

Memory Inspection

x/x 0x601050        # examine memory (hex)
x/d $rsp            # decimal
x/s $rdi            # string
x/16gx $rsp         # stack dump

Format: x/<count><format><size> <address>

Common formats: x hex, d decimal, s string, i instruction

You can also use print and cast memory/register values into types.

---

Stack & Arguments (x86-64 SysV)

Note that we are debugging a 64-bit program. The calling convention may differ slightly from x86 32 bit programs such as xv6.

Function arguments:

1. rdi
2. rsi
3. rdx
4. rcx
5. r8
6. r9

Return value: rax

---

Control Flow Tricks

jump *0x4012ab      # jump to instruction
set $rax = 0        # modify register
set *(int*)0xADDR = 5

Note: depending on where you jump, you can get stack corruption and segfault.

---

Common Patterns to Look For

• strcmp, strlen, sscanf
• bitwise checks and masks
• loops comparing array elements

If you see a call to explode_bomb, backtrack and understand why.

---

Debugging Tips

• Understand function calls and their arguments
• Watch how user input is parsed/transformed
• Don’t guess — verify with GDB

Good luck!