I am trying to complete a binary bomb exercise, and I have made it through the first 2 phases but I am stuck on how to even being solving it, as all the guides I have found feature a different assembly code and none of the same variables. I'm not asking for someone to solve the problem for me or anything, just how to go about actually finding the answer (i.e. what commands I would need to try or variables to focus on).
I've tried finding variables that correspond to hexadecimal letters when using x/s ___ but I've had no luck getting it correspond to lowercase letters. I've tried on my own for 3 hours to figure out this phase and I've had no luck. Here is the assembly language for phase 3:
08048c17 <phase_3>:
8048c17: 55 push %ebp
8048c18: 89 e5 mov %esp,%ebp
8048c1a: 83 ec 28 sub $0x28,%esp
8048c1d: 8d 45 f0 lea -0x10(%ebp),%eax
8048c20: 89 44 24 0c mov %eax,0xc(%esp)
8048c24: 8d 45 f4 lea -0xc(%ebp),%eax
8048c27: 89 44 24 08 mov %eax,0x8(%esp)
8048c2b: c7 44 24 04 7e 94 04 movl $0x804947e,0x4(%esp)
8048c32: 08
8048c33: 8b 45 08 mov 0x8(%ebp),%eax
8048c36: 89 04 24 mov %eax,(%esp)
8048c39: e8 a2 f9 ff ff call 80485e0 <__isoc99_sscanf@plt>
8048c3e: 83 f8 01 cmp $0x1,%eax
8048c41: 7f 05 jg 8048c48 <phase_3+0x31>
8048c43: e8 09 02 00 00 call 8048e51 <explode_bomb>
8048c48: 83 7d f4 07 cmpl $0x7,-0xc(%ebp)
8048c4c: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi
8048c50: 77 6a ja 8048cbc <phase_3+0xa5>
8048c52: 8b 45 f4 mov -0xc(%ebp),%eax
8048c55: ff 24 85 e0 93 04 08 jmp *0x80493e0(,%eax,4)
8048c5c: b8 00 00 00 00 mov $0x0,%eax
8048c61: eb 52 jmp 8048cb5 <phase_3+0x9e>
8048c63: b8 00 00 00 00 mov $0x0,%eax
8048c68: eb 46 jmp 8048cb0 <phase_3+0x99>
8048c6a: b8 00 00 00 00 mov $0x0,%eax
8048c6f: 90 nop
8048c70: eb 39 jmp 8048cab <phase_3+0x94>
8048c72: b8 00 00 00 00 mov $0x0,%eax
8048c77: eb 2d jmp 8048ca6 <phase_3+0x8f>
8048c79: b8 00 00 00 00 mov $0x0,%eax
8048c7e: 66 90 xchg %ax,%ax
8048c80: eb 1f jmp 8048ca1 <phase_3+0x8a>
8048c82: b8 00 00 00 00 mov $0x0,%eax
8048c87: eb 13 jmp 8048c9c <phase_3+0x85>
8048c89: b8 6d 03 00 00 mov $0x36d,%eax
8048c8e: 66 90 xchg %ax,%ax
8048c90: eb 05 jmp 8048c97 <phase_3+0x80>
8048c92: b8 00 00 00 00 mov $0x0,%eax
8048c97: 2d c5 02 00 00 sub $0x2c5,%eax
8048c9c: 05 94 03 00 00 add $0x394,%eax
8048ca1: 2d e2 00 00 00 sub $0xe2,%eax
8048ca6: 05 e2 00 00 00 add $0xe2,%eax
8048cab: 2d e2 00 00 00 sub $0xe2,%eax
8048cb0: 05 e2 00 00 00 add $0xe2,%eax
8048cb5: 2d e2 00 00 00 sub $0xe2,%eax
8048cba: eb 0a jmp 8048cc6 <phase_3+0xaf>
8048cbc: e8 90 01 00 00 call 8048e51 <explode_bomb>
8048cc1: b8 00 00 00 00 mov $0x0,%eax
8048cc6: 83 7d f4 05 cmpl $0x5,-0xc(%ebp)
8048cca: 7f 06 jg 8048cd2 <phase_3+0xbb>
8048ccc: 3b 45 f0 cmp -0x10(%ebp),%eax
8048ccf: 90 nop
8048cd0: 74 05 je 8048cd7 <phase_3+0xc0>
8048cd2: e8 7a 01 00 00 call 8048e51 <explode_bomb>
8048cd7: c9 leave
8048cd8: c3 ret
Here is the guide I have been provided for phase 3, it seems very valuable but I am having trouble understanding how to apply it to my code given the different variables/values. Here are screen caps of what I think are the most relevant parts, and the full link to the guide below those screen caps: Introductory guide
Here is a full link to the guide
The goal is to have a number followed by a lowercase letter and then followed by a number (like 1 v 240 or 4 b 60). But I haven't been able to find any numbers or a letter.
Turns out I was mistaken on the method, and the problem was actually looking for a pair of numbers without a letter. For those wondering, I found the solution by following the scanf assembly sections like was suggested by De Dycker, and ended up charting the first number followed by finding the second pair through trial and error.