Guess what? The famous Bomb Lab of Computer Systems: A Programmer's Perspective! I have done this before in the university, three years ago. After three years, I do it again. However, the lab has changed so much that I can not believe I have ever seen this . . . or maybe just because I am forgetful.
Fortunately time did not rust my skills. There is no substantial difficulty for me to do reverse engineering on this binary bomb. Identifying the transfer of control, determining the control flow, identifying the function calls, finding out the function prototypes, identifying the names of global variables, analyzing the data structures, and so on, everything can be done in a certain routine. Nevertheless, seeing the success message appearing on the screen still excited me a lot.
What is worth mentioning is the secret phase, which I did not ever find three years ago. Its entry is in the phase_defused function. The function decides whether to enter the secret phase by checking the string buffer of a certain phase. The read_line function read the user input into the string buffers. Actually it can take more than needed into the buffers, which we can exploit. To solve the secret phase, you just need to be aware that it operates recursively on a binary tree.
From the lab you can learn many things about GDB. Like me, I found that GDB can print the variable names associated with the memory addresses when I use x to check them, which helped me a lot. Another discovery is that Python is a really good command line calculator. Now I shall continue to the other lab of this chapter—the Buffer Lab.