Simple challenge (I would say it is level 2) (level 1) from the crackmes.one site.
Download the zipped file and read the FAQ to find out the zip password.
$ file Sh4ll10.1.bin
Sh4ll10.1.bin: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, not stripped
$ readelf -a ./lucky_numbers
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400f40
Start of program headers: 64 (bytes into file)
Start of section headers: 13232 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 9
Size of section headers: 64 (bytes)
Number of section headers: 29
Section header string table index: 28
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400238 00000238
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000400254 00000254
0000000000000020 0000000000000000 A 0 0 4
[ 3] .hash HASH 0000000000400278 00000278
00000000000000bc 0000000000000004 A 4 0 8
[ 4] .dynsym DYNSYM 0000000000400338 00000338
00000000000002a0 0000000000000018 A 5 1 8
[ 5] .dynstr STRTAB 00000000004005d8 000005d8
000000000000048a 0000000000000000 A 0 0 1
[ 6] .gnu.version VERSYM 0000000000400a62 00000a62
0000000000000038 0000000000000002 A 4 0 2
[ 7] .gnu.version_r VERNEED 0000000000400aa0 00000aa0
0000000000000080 0000000000000000 A 5 3 8
[ 8] .rela.dyn RELA 0000000000400b20 00000b20
0000000000000060 0000000000000018 A 4 0 8
[ 9] .rela.plt RELA 0000000000400b80 00000b80
0000000000000228 0000000000000018 AI 4 22 8
[10] .init PROGBITS 0000000000400da8 00000da8
0000000000000017 0000000000000000 AX 0 0 4
[11] .plt PROGBITS 0000000000400dc0 00000dc0
0000000000000180 0000000000000010 AX 0 0 16
[12] .text PROGBITS 0000000000400f40 00000f40
00000000000007f2 0000000000000000 AX 0 0 16
[13] .fini PROGBITS 0000000000401734 00001734
0000000000000009 0000000000000000 AX 0 0 4
[14] .rodata PROGBITS 0000000000401740 00001740
00000000000000c1 0000000000000000 A 0 0 8
[15] .eh_frame_hdr PROGBITS 0000000000401804 00001804
0000000000000064 0000000000000000 A 0 0 4
[16] .eh_frame PROGBITS 0000000000401868 00001868
00000000000001ec 0000000000000000 A 0 0 8
[17] .gcc_except_table PROGBITS 0000000000401a54 00001a54
0000000000000032 0000000000000000 A 0 0 1
[18] .init_array INIT_ARRAY 0000000000601dd8 00001dd8
0000000000000010 0000000000000008 WA 0 0 8
[19] .fini_array FINI_ARRAY 0000000000601de8 00001de8
0000000000000008 0000000000000008 WA 0 0 8
[20] .dynamic DYNAMIC 0000000000601df0 00001df0
0000000000000200 0000000000000010 WA 5 0 8
[21] .got PROGBITS 0000000000601ff0 00001ff0
0000000000000010 0000000000000008 WA 0 0 8
[22] .got.plt PROGBITS 0000000000602000 00002000
00000000000000d0 0000000000000008 WA 0 0 8
[23] .data PROGBITS 00000000006020d0 000020d0
0000000000000010 0000000000000000 WA 0 0 8
[24] .bss NOBITS 00000000006020e0 000020e0
0000000000000290 0000000000000000 WA 0 0 32
[25] .comment PROGBITS 0000000000000000 000020e0
0000000000000011 0000000000000001 MS 0 0 1
[26] .symtab SYMTAB 0000000000000000 000020f8
0000000000000900 0000000000000018 27 48 8
[27] .strtab STRTAB 0000000000000000 000029f8
00000000000008b3 0000000000000000 0 0 1
[28] .shstrtab STRTAB 0000000000000000 000032ab
00000000000000fe 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001f8 0x00000000000001f8 R E 0x8
INTERP 0x0000000000000238 0x0000000000400238 0x0000000000400238
0x000000000000001c 0x000000000000001c R 0x1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x0000000000001a86 0x0000000000001a86 R E 0x200000
LOAD 0x0000000000001dd8 0x0000000000601dd8 0x0000000000601dd8
0x0000000000000308 0x0000000000000598 RW 0x200000
DYNAMIC 0x0000000000001df0 0x0000000000601df0 0x0000000000601df0
0x0000000000000200 0x0000000000000200 RW 0x8
NOTE 0x0000000000000254 0x0000000000400254 0x0000000000400254
0x0000000000000020 0x0000000000000020 R 0x4
GNU_EH_FRAME 0x0000000000001804 0x0000000000401804 0x0000000000401804
0x0000000000000064 0x0000000000000064 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
GNU_RELRO 0x0000000000001dd8 0x0000000000601dd8 0x0000000000601dd8
0x0000000000000228 0x0000000000000228 R 0x1
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame .gcc_except_table
03 .init_array .fini_array .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag
06 .eh_frame_hdr
07
08 .init_array .fini_array .dynamic .got
Dynamic section at offset 0x1df0 contains 27 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6]
0x0000000000000001 (NEEDED) Shared library: [libm.so.6]
0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000c (INIT) 0x400da8
0x000000000000000d (FINI) 0x401734
0x0000000000000019 (INIT_ARRAY) 0x601dd8
0x000000000000001b (INIT_ARRAYSZ) 16 (bytes)
0x000000000000001a (FINI_ARRAY) 0x601de8
0x000000000000001c (FINI_ARRAYSZ) 8 (bytes)
0x0000000000000004 (HASH) 0x400278
0x0000000000000005 (STRTAB) 0x4005d8
0x0000000000000006 (SYMTAB) 0x400338
0x000000000000000a (STRSZ) 1162 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000015 (DEBUG) 0x0
0x0000000000000003 (PLTGOT) 0x602000
0x0000000000000002 (PLTRELSZ) 552 (bytes)
0x0000000000000014 (PLTREL) RELA
0x0000000000000017 (JMPREL) 0x400b80
0x0000000000000007 (RELA) 0x400b20
0x0000000000000008 (RELASZ) 96 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x000000006ffffffe (VERNEED) 0x400aa0
0x000000006fffffff (VERNEEDNUM) 3
0x000000006ffffff0 (VERSYM) 0x400a62
0x0000000000000000 (NULL) 0x0
Relocation section '.rela.dyn' at offset 0xb20 contains 4 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000601ff0 000200000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0
000000601ff8 000600000006 R_X86_64_GLOB_DAT 0000000000000000 __libc_start_main@GLIBC_2.2.5 + 0
0000006020e0 000100000005 R_X86_64_COPY 00000000006020e0 _ZSt3cin@GLIBCXX_3.4 + 0
000000602200 000d00000005 R_X86_64_COPY 0000000000602200 _ZSt4cout@GLIBCXX_3.4 + 0
Relocation section '.rela.plt' at offset 0xb80 contains 23 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000602018 000300000007 R_X86_64_JUMP_SLO 0000000000000000 exit@GLIBC_2.2.5 + 0
000000602020 000400000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNKSt7__cxx1112basic_@GLIBCXX_3.4.21 + 0
000000602028 000500000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSt8ios_base4InitC1E@GLIBCXX_3.4 + 0
000000602030 000700000007 R_X86_64_JUMP_SLO 0000000000000000 __cxa_atexit@GLIBC_2.2.5 + 0
000000602038 000800000007 R_X86_64_JUMP_SLO 0000000000000000 _ZStlsISt11char_traits@GLIBCXX_3.4 + 0
000000602040 000900000007 R_X86_64_JUMP_SLO 0000000000400e20 _ZNSt8ios_base4InitD1E@GLIBCXX_3.4 + 0
000000602048 000a00000007 R_X86_64_JUMP_SLO 0000000000000000 _ZStlsISt11char_traits@GLIBCXX_3.4 + 0
000000602050 000b00000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSt7__cxx1112basic_s@GLIBCXX_3.4.21 + 0
000000602058 000c00000007 R_X86_64_JUMP_SLO 0000000000400e50 _ZNSt7__cxx1112basic_s@GLIBCXX_3.4.21 + 0
000000602060 000e00000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNKSt7__cxx1112basic_@GLIBCXX_3.4.21 + 0
000000602068 000f00000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSaIcED1Ev@GLIBCXX_3.4 + 0
000000602070 001000000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNKSt7__cxx1112basic_@GLIBCXX_3.4.21 + 0
000000602078 001100000007 R_X86_64_JUMP_SLO 0000000000000000 memcmp@GLIBC_2.2.5 + 0
000000602080 001200000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSolsEPFRSoS_E@GLIBCXX_3.4 + 0
000000602088 001300000007 R_X86_64_JUMP_SLO 0000000000000000 _ZStrsIcSt11char_trait@GLIBCXX_3.4.21 + 0
000000602090 001400000007 R_X86_64_JUMP_SLO 0000000000400ec0 _ZSt4endlIcSt11char_tr@GLIBCXX_3.4 + 0
000000602098 001500000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSt7__cxx1112basic_s@GLIBCXX_3.4.21 + 0
0000006020a0 001600000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSaIcEC1Ev@GLIBCXX_3.4 + 0
0000006020a8 001700000007 R_X86_64_JUMP_SLO 0000000000400ef0 __gxx_personality_v0@CXXABI_1.3 + 0
0000006020b0 001800000007 R_X86_64_JUMP_SLO 0000000000000000 _ZStlsIcSt11char_trait@GLIBCXX_3.4.21 + 0
0000006020b8 001900000007 R_X86_64_JUMP_SLO 0000000000000000 _Unwind_Resume@GCC_3.0 + 0
0000006020c0 001a00000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSt7__cxx1112basic_s@GLIBCXX_3.4.21 + 0
0000006020c8 001b00000007 R_X86_64_JUMP_SLO 0000000000000000 _ZNSt7__cxx1112basic_s@GLIBCXX_3.4.21 + 0
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
Symbol table '.dynsym' contains 28 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000006020e0 280 OBJECT GLOBAL DEFAULT 24 _ZSt3cin@GLIBCXX_3.4 (2)
2: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND exit@GLIBC_2.2.5 (3)
4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNKSt7__cxx1112basic_str@GLIBCXX_3.4.21 (4)
5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt8ios_base4InitC1Ev@GLIBCXX_3.4 (2)
6: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (3)
7: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __cxa_atexit@GLIBC_2.2.5 (3)
8: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStlsISt11char_traitsIcE@GLIBCXX_3.4 (2)
9: 0000000000400e20 0 FUNC GLOBAL DEFAULT UND _ZNSt8ios_base4InitD1Ev@GLIBCXX_3.4 (2)
10: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStlsISt11char_traitsIcE@GLIBCXX_3.4 (2)
11: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri@GLIBCXX_3.4.21 (4)
12: 0000000000400e50 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri@GLIBCXX_3.4.21 (4)
13: 0000000000602200 272 OBJECT GLOBAL DEFAULT 24 _ZSt4cout@GLIBCXX_3.4 (2)
14: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNKSt7__cxx1112basic_str@GLIBCXX_3.4.21 (4)
15: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSaIcED1Ev@GLIBCXX_3.4 (2)
16: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNKSt7__cxx1112basic_str@GLIBCXX_3.4.21 (4)
17: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memcmp@GLIBC_2.2.5 (3)
18: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSolsEPFRSoS_E@GLIBCXX_3.4 (2)
19: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStrsIcSt11char_traitsIc@GLIBCXX_3.4.21 (4)
20: 0000000000400ec0 0 FUNC GLOBAL DEFAULT UND _ZSt4endlIcSt11char_trait@GLIBCXX_3.4 (2)
21: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri@GLIBCXX_3.4.21 (4)
22: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSaIcEC1Ev@GLIBCXX_3.4 (2)
23: 0000000000400ef0 0 FUNC GLOBAL DEFAULT UND __gxx_personality_v0@CXXABI_1.3 (5)
24: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStlsIcSt11char_traitsIc@GLIBCXX_3.4.21 (4)
25: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _Unwind_Resume@GCC_3.0 (6)
26: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri@GLIBCXX_3.4.21 (4)
27: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri@GLIBCXX_3.4.21 (4)
Symbol table '.symtab' contains 96 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000400238 0 SECTION LOCAL DEFAULT 1
2: 0000000000400254 0 SECTION LOCAL DEFAULT 2
3: 0000000000400278 0 SECTION LOCAL DEFAULT 3
4: 0000000000400338 0 SECTION LOCAL DEFAULT 4
5: 00000000004005d8 0 SECTION LOCAL DEFAULT 5
6: 0000000000400a62 0 SECTION LOCAL DEFAULT 6
7: 0000000000400aa0 0 SECTION LOCAL DEFAULT 7
8: 0000000000400b20 0 SECTION LOCAL DEFAULT 8
9: 0000000000400b80 0 SECTION LOCAL DEFAULT 9
10: 0000000000400da8 0 SECTION LOCAL DEFAULT 10
11: 0000000000400dc0 0 SECTION LOCAL DEFAULT 11
12: 0000000000400f40 0 SECTION LOCAL DEFAULT 12
13: 0000000000401734 0 SECTION LOCAL DEFAULT 13
14: 0000000000401740 0 SECTION LOCAL DEFAULT 14
15: 0000000000401804 0 SECTION LOCAL DEFAULT 15
16: 0000000000401868 0 SECTION LOCAL DEFAULT 16
17: 0000000000401a54 0 SECTION LOCAL DEFAULT 17
18: 0000000000601dd8 0 SECTION LOCAL DEFAULT 18
19: 0000000000601de8 0 SECTION LOCAL DEFAULT 19
20: 0000000000601df0 0 SECTION LOCAL DEFAULT 20
21: 0000000000601ff0 0 SECTION LOCAL DEFAULT 21
22: 0000000000602000 0 SECTION LOCAL DEFAULT 22
23: 00000000006020d0 0 SECTION LOCAL DEFAULT 23
24: 00000000006020e0 0 SECTION LOCAL DEFAULT 24
25: 0000000000000000 0 SECTION LOCAL DEFAULT 25
26: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
27: 0000000000400f70 0 FUNC LOCAL DEFAULT 12 deregister_tm_clones
28: 0000000000400fa0 0 FUNC LOCAL DEFAULT 12 register_tm_clones
29: 0000000000400fe0 0 FUNC LOCAL DEFAULT 12 __do_global_dtors_aux
30: 0000000000602310 1 OBJECT LOCAL DEFAULT 24 completed.7266
31: 0000000000601de8 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fin
32: 0000000000401010 0 FUNC LOCAL DEFAULT 12 frame_dummy
33: 0000000000601dd8 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_
34: 0000000000000000 0 FILE LOCAL DEFAULT ABS main.cpp
35: 0000000000401748 1 OBJECT LOCAL DEFAULT 14 _ZStL19piecewise_construc
36: 0000000000602364 1 OBJECT LOCAL DEFAULT 24 _ZStL8__ioinit
37: 0000000000602368 4 OBJECT LOCAL DEFAULT 24 _ZL1s
38: 00000000004014e7 210 FUNC LOCAL DEFAULT 12 _Z41__static_initializati
39: 00000000004015b9 21 FUNC LOCAL DEFAULT 12 _GLOBAL__sub_I__Z13falseP
40: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
41: 0000000000401a50 0 OBJECT LOCAL DEFAULT 16 __FRAME_END__
42: 0000000000000000 0 FILE LOCAL DEFAULT ABS
43: 0000000000401804 0 NOTYPE LOCAL DEFAULT 15 __GNU_EH_FRAME_HDR
44: 0000000000602000 0 OBJECT LOCAL DEFAULT 22 _GLOBAL_OFFSET_TABLE_
45: 0000000000601de8 0 NOTYPE LOCAL DEFAULT 18 __init_array_end
46: 0000000000601dd8 0 NOTYPE LOCAL DEFAULT 18 __init_array_start
47: 0000000000601df0 0 OBJECT LOCAL DEFAULT 20 _DYNAMIC
48: 00000000006020d0 0 NOTYPE WEAK DEFAULT 23 data_start
49: 00000000006020e0 280 OBJECT GLOBAL DEFAULT 24 _ZSt3cin@@GLIBCXX_3.4
50: 00000000004015ce 60 FUNC WEAK DEFAULT 12 _ZNSt11char_traitsIcE7com
51: 0000000000401730 2 FUNC GLOBAL DEFAULT 12 __libc_csu_fini
52: 0000000000400f40 43 FUNC GLOBAL DEFAULT 12 _start
53: 000000000040160a 40 FUNC WEAK DEFAULT 12 _ZStneIcSt11char_traitsIc
54: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
55: 0000000000000000 0 FUNC GLOBAL DEFAULT UND exit@@GLIBC_2.2.5
56: 0000000000401734 0 FUNC GLOBAL DEFAULT 13 _fini
57: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNKSt7__cxx1112basic_str
58: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt8ios_base4InitC1Ev@@
59: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_
60: 0000000000602360 4 OBJECT GLOBAL DEFAULT 24 strLength
61: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __cxa_atexit@@GLIBC_2.2.5
62: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStlsISt11char_traitsIcE
63: 0000000000400e20 0 FUNC GLOBAL DEFAULT UND _ZNSt8ios_base4InitD1Ev@@
64: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStlsISt11char_traitsIcE
65: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri
66: 0000000000401740 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
67: 00000000006020d0 0 NOTYPE GLOBAL DEFAULT 23 __data_start
68: 0000000000400e50 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri
69: 00000000006020e0 0 OBJECT GLOBAL HIDDEN 23 __TMC_END__
70: 0000000000602200 272 OBJECT GLOBAL DEFAULT 24 _ZSt4cout@@GLIBCXX_3.4
71: 00000000006020d8 0 OBJECT GLOBAL HIDDEN 23 __dso_handle
72: 00000000004016c0 101 FUNC GLOBAL DEFAULT 12 __libc_csu_init
73: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNKSt7__cxx1112basic_str
74: 00000000006020e0 0 NOTYPE GLOBAL DEFAULT 24 __bss_start
75: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSaIcED1Ev@@GLIBCXX_3.4
76: 0000000000401632 132 FUNC WEAK DEFAULT 12 _ZSteqIcEN9__gnu_cxx11__e
77: 0000000000602340 32 OBJECT GLOBAL DEFAULT 24 _Z3strB5cxx11
78: 0000000000401281 614 FUNC GLOBAL DEFAULT 12 _Z38_static_initializatio
79: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNKSt7__cxx1112basic_str
80: 0000000000000000 0 FUNC GLOBAL DEFAULT UND memcmp@@GLIBC_2.2.5
81: 0000000000602370 0 NOTYPE GLOBAL DEFAULT 24 _end
82: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSolsEPFRSoS_E@@GLIBCXX
83: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStrsIcSt11char_traitsIc
84: 0000000000400ec0 0 FUNC GLOBAL DEFAULT UND _ZSt4endlIcSt11char_trait
85: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri
86: 00000000006020e0 0 NOTYPE GLOBAL DEFAULT 23 _edata
87: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSaIcEC1Ev@@GLIBCXX_3.4
88: 0000000000400ef0 0 FUNC GLOBAL DEFAULT UND __gxx_personality_v0@@CXX
89: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZStlsIcSt11char_traitsIc
90: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _Unwind_Resume@@GCC_3.0
91: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri
92: 0000000000602320 32 OBJECT GLOBAL DEFAULT 24 _Z13falsePasswordB5cxx11
93: 0000000000401012 623 FUNC GLOBAL DEFAULT 12 main
94: 0000000000400da8 0 FUNC GLOBAL DEFAULT 10 _init
95: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _ZNSt7__cxx1112basic_stri
Histogram for bucket list length (total of 17 buckets):
Length Number % of total Coverage
0 5 ( 29.4%)
1 2 ( 11.8%) 7.4%
2 6 ( 35.3%) 51.9%
3 3 ( 17.6%) 85.2%
4 1 ( 5.9%) 100.0%
Version symbols section '.gnu.version' contains 28 entries:
Addr: 0x0000000000400a62 Offset: 0x000a62 Link: 4 (.dynsym)
000: 0 (*local*) 2 (GLIBCXX_3.4) 0 (*local*) 3 (GLIBC_2.2.5)
004: 4 (GLIBCXX_3.4.21) 2 (GLIBCXX_3.4) 3 (GLIBC_2.2.5) 3 (GLIBC_2.2.5)
008: 2 (GLIBCXX_3.4) 2 (GLIBCXX_3.4) 2 (GLIBCXX_3.4) 4 (GLIBCXX_3.4.21)
00c: 4 (GLIBCXX_3.4.21) 2 (GLIBCXX_3.4) 4 (GLIBCXX_3.4.21) 2 (GLIBCXX_3.4)
010: 4 (GLIBCXX_3.4.21) 3 (GLIBC_2.2.5) 2 (GLIBCXX_3.4) 4 (GLIBCXX_3.4.21)
014: 2 (GLIBCXX_3.4) 4 (GLIBCXX_3.4.21) 2 (GLIBCXX_3.4) 5 (CXXABI_1.3)
018: 4 (GLIBCXX_3.4.21) 6 (GCC_3.0) 4 (GLIBCXX_3.4.21) 4 (GLIBCXX_3.4.21)
Version needs section '.gnu.version_r' contains 3 entries:
Addr: 0x0000000000400aa0 Offset: 0x000aa0 Link: 5 (.dynstr)
000000: Version: 1 File: libgcc_s.so.1 Cnt: 1
0x0010: Name: GCC_3.0 Flags: none Version: 6
0x0020: Version: 1 File: libc.so.6 Cnt: 1
0x0030: Name: GLIBC_2.2.5 Flags: none Version: 3
0x0040: Version: 1 File: libstdc++.so.6 Cnt: 3
0x0050: Name: CXXABI_1.3 Flags: none Version: 5
0x0060: Name: GLIBCXX_3.4.21 Flags: none Version: 4
0x0070: Name: GLIBCXX_3.4 Flags: none Version: 2
Displaying notes found in: .note.ABI-tag
Owner Data size Description
GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag)
OS: Linux, ABI: 2.6.32
$ strings -t d -d Sh4ll10.1.bin
568 /lib64/ld-linux-x86-64.so.2
1497 libstdc++.so.6
1512 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1Ev
1570 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEPKc
1630 __gmon_start__
1645 _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
1701 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEixEm
1759 _ZNSaIcEC1Ev
1772 _ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE
1872 _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
1931 __gxx_personality_v0
1952 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
2010 _ZSt3cin
2019 _ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
2118 _ZNSt8ios_base4InitD1Ev
2142 _ZNSolsEPFRSoS_E
2159 _ZNSt8ios_base4InitC1Ev
2183 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4dataEv
2245 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4sizeEv
2307 _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c
2361 _ZSt4cout
2371 _ZNSaIcED1Ev
2384 _ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6lengthEv
2448 _ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EPKcRKS3_
2513 libm.so.6
2523 libgcc_s.so.1
2537 _Unwind_Resume
2552 libc.so.6
2562 __cxa_atexit
2575 memcmp
2582 __libc_start_main
2600 GCC_3.0
2608 GLIBC_2.2.5
2620 CXXABI_1.3
2631 GLIBCXX_3.4.21
2646 GLIBCXX_3.4
5686 ATSH
5809 [A\]
5824 AWAVA
5831 AUATL
5914 []A\A]A^A_
5968 The goal is to print the good boy. Good luck
6016 If there is no output printed, then you didn't validate the crackme
6084 Bad password
6097 Good password
6112 1d47faf54f84dc393a4a015a8f190e36
6351 ;*3$"
6401 zPLR
$ objdump -M intel -d -C ./Sh4ll10.1.bin
./Sh4ll10.1.bin: file format elf64-x86-64
Disassembly of section .init:
0000000000400da8 <_init>:
400da8: 48 83 ec 08 sub rsp,0x8
400dac: 48 8b 05 3d 12 20 00 mov rax,QWORD PTR [rip+0x20123d] # 601ff0 <__gmon_start__>
400db3: 48 85 c0 test rax,rax
400db6: 74 02 je 400dba <_init+0x12>
400db8: ff d0 call rax
400dba: 48 83 c4 08 add rsp,0x8
400dbe: c3 ret
Disassembly of section .plt:
0000000000400dc0 <.plt>:
400dc0: ff 35 42 12 20 00 push QWORD PTR [rip+0x201242] # 602008 <_GLOBAL_OFFSET_TABLE_+0x8>
400dc6: ff 25 44 12 20 00 jmp QWORD PTR [rip+0x201244] # 602010 <_GLOBAL_OFFSET_TABLE_+0x10>
400dcc: 0f 1f 40 00 nop DWORD PTR [rax+0x0]
0000000000400dd0 <exit@plt>:
400dd0: ff 25 42 12 20 00 jmp QWORD PTR [rip+0x201242] # 602018 <exit@GLIBC_2.2.5>
400dd6: 68 00 00 00 00 push 0x0
400ddb: e9 e0 ff ff ff jmp 400dc0 <.plt>
0000000000400de0 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::length() const@plt>:
400de0: ff 25 3a 12 20 00 jmp QWORD PTR [rip+0x20123a] # 602020 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::length() const@GLIBCXX_3.4.21>
400de6: 68 01 00 00 00 push 0x1
400deb: e9 d0 ff ff ff jmp 400dc0 <.plt>
0000000000400df0 <std::ios_base::Init::Init()@plt>:
400df0: ff 25 32 12 20 00 jmp QWORD PTR [rip+0x201232] # 602028 <std::ios_base::Init::Init()@GLIBCXX_3.4>
400df6: 68 02 00 00 00 push 0x2
400dfb: e9 c0 ff ff ff jmp 400dc0 <.plt>
0000000000400e00 <__cxa_atexit@plt>:
400e00: ff 25 2a 12 20 00 jmp QWORD PTR [rip+0x20122a] # 602030 <__cxa_atexit@GLIBC_2.2.5>
400e06: 68 03 00 00 00 push 0x3
400e0b: e9 b0 ff ff ff jmp 400dc0 <.plt>
0000000000400e10 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char)@plt>:
400e10: ff 25 22 12 20 00 jmp QWORD PTR [rip+0x201222] # 602038 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char)@GLIBCXX_3.4>
400e16: 68 04 00 00 00 push 0x4
400e1b: e9 a0 ff ff ff jmp 400dc0 <.plt>
0000000000400e20 <std::ios_base::Init::~Init()@plt>:
400e20: ff 25 1a 12 20 00 jmp QWORD PTR [rip+0x20121a] # 602040 <std::ios_base::Init::~Init()@GLIBCXX_3.4>
400e26: 68 05 00 00 00 push 0x5
400e2b: e9 90 ff ff ff jmp 400dc0 <.plt>
0000000000400e30 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*)@plt>:
400e30: ff 25 12 12 20 00 jmp QWORD PTR [rip+0x201212] # 602048 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*)@GLIBCXX_3.4>
400e36: 68 06 00 00 00 push 0x6
400e3b: e9 80 ff ff ff jmp 400dc0 <.plt>
0000000000400e40 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string()@plt>:
400e40: ff 25 0a 12 20 00 jmp QWORD PTR [rip+0x20120a] # 602050 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string()@GLIBCXX_3.4.21>
400e46: 68 07 00 00 00 push 0x7
400e4b: e9 70 ff ff ff jmp 400dc0 <.plt>
0000000000400e50 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()@plt>:
400e50: ff 25 02 12 20 00 jmp QWORD PTR [rip+0x201202] # 602058 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()@GLIBCXX_3.4.21>
400e56: 68 08 00 00 00 push 0x8
400e5b: e9 60 ff ff ff jmp 400dc0 <.plt>
0000000000400e60 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::data() const@plt>:
400e60: ff 25 fa 11 20 00 jmp QWORD PTR [rip+0x2011fa] # 602060 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::data() const@GLIBCXX_3.4.21>
400e66: 68 09 00 00 00 push 0x9
400e6b: e9 50 ff ff ff jmp 400dc0 <.plt>
0000000000400e70 <std::allocator<char>::~allocator()@plt>:
400e70: ff 25 f2 11 20 00 jmp QWORD PTR [rip+0x2011f2] # 602068 <std::allocator<char>::~allocator()@GLIBCXX_3.4>
400e76: 68 0a 00 00 00 push 0xa
400e7b: e9 40 ff ff ff jmp 400dc0 <.plt>
0000000000400e80 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::size() const@plt>:
400e80: ff 25 ea 11 20 00 jmp QWORD PTR [rip+0x2011ea] # 602070 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::size() const@GLIBCXX_3.4.21>
400e86: 68 0b 00 00 00 push 0xb
400e8b: e9 30 ff ff ff jmp 400dc0 <.plt>
0000000000400e90 <memcmp@plt>:
400e90: ff 25 e2 11 20 00 jmp QWORD PTR [rip+0x2011e2] # 602078 <memcmp@GLIBC_2.2.5>
400e96: 68 0c 00 00 00 push 0xc
400e9b: e9 20 ff ff ff jmp 400dc0 <.plt>
0000000000400ea0 <std::ostream::operator<<(std::ostream& (*)(std::ostream&))@plt>:
400ea0: ff 25 da 11 20 00 jmp QWORD PTR [rip+0x2011da] # 602080 <std::ostream::operator<<(std::ostream& (*)(std::ostream&))@GLIBCXX_3.4>
400ea6: 68 0d 00 00 00 push 0xd
400eab: e9 10 ff ff ff jmp 400dc0 <.plt>
0000000000400eb0 <std::basic_istream<char, std::char_traits<char> >& std::operator>><char, std::char_traits<char>, std::allocator<char> >(std::basic_istream<char, std::char_traits<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)@plt>:
400eb0: ff 25 d2 11 20 00 jmp QWORD PTR [rip+0x2011d2] # 602088 <std::basic_istream<char, std::char_traits<char> >& std::operator>><char, std::char_traits<char>, std::allocator<char> >(std::basic_istream<char, std::char_traits<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)@GLIBCXX_3.4.21>
400eb6: 68 0e 00 00 00 push 0xe
400ebb: e9 00 ff ff ff jmp 400dc0 <.plt>
0000000000400ec0 <std::basic_ostream<char, std::char_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&)@plt>:
400ec0: ff 25 ca 11 20 00 jmp QWORD PTR [rip+0x2011ca] # 602090 <std::basic_ostream<char, std::char_traits<char> >& std::endl<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&)@GLIBCXX_3.4>
400ec6: 68 0f 00 00 00 push 0xf
400ecb: e9 f0 fe ff ff jmp 400dc0 <.plt>
0000000000400ed0 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&)@plt>:
400ed0: ff 25 c2 11 20 00 jmp QWORD PTR [rip+0x2011c2] # 602098 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&)@GLIBCXX_3.4.21>
400ed6: 68 10 00 00 00 push 0x10
400edb: e9 e0 fe ff ff jmp 400dc0 <.plt>
0000000000400ee0 <std::allocator<char>::allocator()@plt>:
400ee0: ff 25 ba 11 20 00 jmp QWORD PTR [rip+0x2011ba] # 6020a0 <std::allocator<char>::allocator()@GLIBCXX_3.4>
400ee6: 68 11 00 00 00 push 0x11
400eeb: e9 d0 fe ff ff jmp 400dc0 <.plt>
0000000000400ef0 <__gxx_personality_v0@plt>:
400ef0: ff 25 b2 11 20 00 jmp QWORD PTR [rip+0x2011b2] # 6020a8 <__gxx_personality_v0@CXXABI_1.3>
400ef6: 68 12 00 00 00 push 0x12
400efb: e9 c0 fe ff ff jmp 400dc0 <.plt>
0000000000400f00 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <char, std::char_traits<char>, std::allocator<char> >(std::basic_ostream<char, std::char_traits<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)@plt>:
400f00: ff 25 aa 11 20 00 jmp QWORD PTR [rip+0x2011aa] # 6020b0 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <char, std::char_traits<char>, std::allocator<char> >(std::basic_ostream<char, std::char_traits<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)@GLIBCXX_3.4.21>
400f06: 68 13 00 00 00 push 0x13
400f0b: e9 b0 fe ff ff jmp 400dc0 <.plt>
0000000000400f10 <_Unwind_Resume@plt>:
400f10: ff 25 a2 11 20 00 jmp QWORD PTR [rip+0x2011a2] # 6020b8 <_Unwind_Resume@GCC_3.0>
400f16: 68 14 00 00 00 push 0x14
400f1b: e9 a0 fe ff ff jmp 400dc0 <.plt>
0000000000400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>:
400f20: ff 25 9a 11 20 00 jmp QWORD PTR [rip+0x20119a] # 6020c0 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@GLIBCXX_3.4.21>
400f26: 68 15 00 00 00 push 0x15
400f2b: e9 90 fe ff ff jmp 400dc0 <.plt>
0000000000400f30 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(char const*)@plt>:
400f30: ff 25 92 11 20 00 jmp QWORD PTR [rip+0x201192] # 6020c8 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(char const*)@GLIBCXX_3.4.21>
400f36: 68 16 00 00 00 push 0x16
400f3b: e9 80 fe ff ff jmp 400dc0 <.plt>
Disassembly of section .text:
0000000000400f40 <_start>:
400f40: 31 ed xor ebp,ebp
400f42: 49 89 d1 mov r9,rdx
400f45: 5e pop rsi
400f46: 48 89 e2 mov rdx,rsp
400f49: 48 83 e4 f0 and rsp,0xfffffffffffffff0
400f4d: 50 push rax
400f4e: 54 push rsp
400f4f: 49 c7 c0 30 17 40 00 mov r8,0x401730
400f56: 48 c7 c1 c0 16 40 00 mov rcx,0x4016c0
400f5d: 48 c7 c7 12 10 40 00 mov rdi,0x401012
400f64: ff 15 8e 10 20 00 call QWORD PTR [rip+0x20108e] # 601ff8 <__libc_start_main@GLIBC_2.2.5>
400f6a: f4 hlt
400f6b: 0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]
0000000000400f70 <deregister_tm_clones>:
400f70: b8 e0 20 60 00 mov eax,0x6020e0
400f75: 48 3d e0 20 60 00 cmp rax,0x6020e0
400f7b: 74 13 je 400f90 <deregister_tm_clones+0x20>
400f7d: b8 00 00 00 00 mov eax,0x0
400f82: 48 85 c0 test rax,rax
400f85: 74 09 je 400f90 <deregister_tm_clones+0x20>
400f87: bf e0 20 60 00 mov edi,0x6020e0
400f8c: ff e0 jmp rax
400f8e: 66 90 xchg ax,ax
400f90: c3 ret
400f91: 0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]
400f96: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
400f9d: 00 00 00
0000000000400fa0 <register_tm_clones>:
400fa0: be e0 20 60 00 mov esi,0x6020e0
400fa5: 48 81 ee e0 20 60 00 sub rsi,0x6020e0
400fac: 48 c1 fe 03 sar rsi,0x3
400fb0: 48 89 f0 mov rax,rsi
400fb3: 48 c1 e8 3f shr rax,0x3f
400fb7: 48 01 c6 add rsi,rax
400fba: 48 d1 fe sar rsi,1
400fbd: 74 11 je 400fd0 <register_tm_clones+0x30>
400fbf: b8 00 00 00 00 mov eax,0x0
400fc4: 48 85 c0 test rax,rax
400fc7: 74 07 je 400fd0 <register_tm_clones+0x30>
400fc9: bf e0 20 60 00 mov edi,0x6020e0
400fce: ff e0 jmp rax
400fd0: c3 ret
400fd1: 0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]
400fd6: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
400fdd: 00 00 00
0000000000400fe0 <__do_global_dtors_aux>:
400fe0: 80 3d 29 13 20 00 00 cmp BYTE PTR [rip+0x201329],0x0 # 602310 <completed.7266>
400fe7: 75 17 jne 401000 <__do_global_dtors_aux+0x20>
400fe9: 55 push rbp
400fea: 48 89 e5 mov rbp,rsp
400fed: e8 7e ff ff ff call 400f70 <deregister_tm_clones>
400ff2: c6 05 17 13 20 00 01 mov BYTE PTR [rip+0x201317],0x1 # 602310 <completed.7266>
400ff9: 5d pop rbp
400ffa: c3 ret
400ffb: 0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]
401000: c3 ret
401001: 0f 1f 44 00 00 nop DWORD PTR [rax+rax*1+0x0]
401006: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
40100d: 00 00 00
0000000000401010 <frame_dummy>:
401010: eb 8e jmp 400fa0 <register_tm_clones>
0000000000401012 <main>:
401012: 55 push rbp
401013: 48 89 e5 mov rbp,rsp
401016: 53 push rbx
401017: 48 81 ec 88 00 00 00 sub rsp,0x88
40101e: 89 bd 7c ff ff ff mov DWORD PTR [rbp-0x84],edi
401024: 48 89 b5 70 ff ff ff mov QWORD PTR [rbp-0x90],rsi
40102b: 83 bd 7c ff ff ff 01 cmp DWORD PTR [rbp-0x84],0x1
401032: 7e 47 jle 40107b <main+0x69>
401034: be 50 17 40 00 mov esi,0x401750
401039: bf 00 22 60 00 mov edi,0x602200
40103e: e8 ed fd ff ff call 400e30 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*)@plt>
401043: be c0 0e 40 00 mov esi,0x400ec0
401048: 48 89 c7 mov rdi,rax
40104b: e8 50 fe ff ff call 400ea0 <std::ostream::operator<<(std::ostream& (*)(std::ostream&))@plt>
401050: be 80 17 40 00 mov esi,0x401780
401055: bf 00 22 60 00 mov edi,0x602200
40105a: e8 d1 fd ff ff call 400e30 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*)@plt>
40105f: be c0 0e 40 00 mov esi,0x400ec0
401064: 48 89 c7 mov rdi,rax
401067: e8 34 fe ff ff call 400ea0 <std::ostream::operator<<(std::ostream& (*)(std::ostream&))@plt>
40106c: be 40 23 60 00 mov esi,0x602340
401071: bf e0 20 60 00 mov edi,0x6020e0
401076: e8 35 fe ff ff call 400eb0 <std::basic_istream<char, std::char_traits<char> >& std::operator>><char, std::char_traits<char>, std::allocator<char> >(std::basic_istream<char, std::char_traits<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)@plt>
40107b: 48 8d 45 ee lea rax,[rbp-0x12]
40107f: 48 89 c7 mov rdi,rax
401082: e8 59 fe ff ff call 400ee0 <std::allocator<char>::allocator()@plt>
401087: 48 8d 55 ee lea rdx,[rbp-0x12]
40108b: 48 8d 45 c0 lea rax,[rbp-0x40]
40108f: be c4 17 40 00 mov esi,0x4017c4
401094: 48 89 c7 mov rdi,rax
401097: e8 34 fe ff ff call 400ed0 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&)@plt>
40109c: 48 8d 45 ee lea rax,[rbp-0x12]
4010a0: 48 89 c7 mov rdi,rax
4010a3: e8 c8 fd ff ff call 400e70 <std::allocator<char>::~allocator()@plt>
4010a8: 48 8d 45 a0 lea rax,[rbp-0x60]
4010ac: 48 89 c7 mov rdi,rax
4010af: e8 8c fd ff ff call 400e40 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string()@plt>
4010b4: be 20 23 60 00 mov esi,0x602320
4010b9: bf 40 23 60 00 mov edi,0x602340
4010be: e8 47 05 00 00 call 40160a <bool std::operator!=<char, std::char_traits<char>, std::allocator<char> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)>
4010c3: 84 c0 test al,al
4010c5: 74 39 je 401100 <main+0xee>
4010c7: 48 8d 45 ef lea rax,[rbp-0x11]
4010cb: 48 89 c7 mov rdi,rax
4010ce: e8 0d fe ff ff call 400ee0 <std::allocator<char>::allocator()@plt>
4010d3: 48 8d 55 ef lea rdx,[rbp-0x11]
4010d7: 48 8d 45 80 lea rax,[rbp-0x80]
4010db: be c4 17 40 00 mov esi,0x4017c4
4010e0: 48 89 c7 mov rdi,rax
4010e3: e8 e8 fd ff ff call 400ed0 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&)@plt>
4010e8: 48 8d 45 ef lea rax,[rbp-0x11]
4010ec: 48 89 c7 mov rdi,rax
4010ef: e8 7c fd ff ff call 400e70 <std::allocator<char>::~allocator()@plt>
4010f4: 48 8d 45 80 lea rax,[rbp-0x80]
4010f8: 48 89 c7 mov rdi,rax
4010fb: e8 50 fd ff ff call 400e50 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()@plt>
401100: bf 40 23 60 00 mov edi,0x602340
401105: e8 d6 fc ff ff call 400de0 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::length() const@plt>
40110a: 89 05 50 12 20 00 mov DWORD PTR [rip+0x201250],eax # 602360 <strLength>
401110: 8b 05 4a 12 20 00 mov eax,DWORD PTR [rip+0x20124a] # 602360 <strLength>
401116: 83 f8 03 cmp eax,0x3
401119: 0f 86 a7 00 00 00 jbe 4011c6 <main+0x1b4>
40111f: be 00 00 00 00 mov esi,0x0
401124: bf 40 23 60 00 mov edi,0x602340
401129: e8 f2 fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
40112e: 0f b6 18 movzx ebx,BYTE PTR [rax]
401131: be 00 00 00 00 mov esi,0x0
401136: bf 20 23 60 00 mov edi,0x602320
40113b: e8 e0 fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
401140: 0f b6 00 movzx eax,BYTE PTR [rax]
401143: 38 c3 cmp bl,al
401145: 75 7f jne 4011c6 <main+0x1b4>
401147: be 01 00 00 00 mov esi,0x1
40114c: bf 40 23 60 00 mov edi,0x602340
401151: e8 ca fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
401156: 0f b6 18 movzx ebx,BYTE PTR [rax]
401159: be 05 00 00 00 mov esi,0x5
40115e: bf 20 23 60 00 mov edi,0x602320
401163: e8 b8 fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
401168: 0f b6 00 movzx eax,BYTE PTR [rax]
40116b: 38 c3 cmp bl,al
40116d: 75 57 jne 4011c6 <main+0x1b4>
40116f: be 02 00 00 00 mov esi,0x2
401174: bf 40 23 60 00 mov edi,0x602340
401179: e8 a2 fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
40117e: 0f b6 18 movzx ebx,BYTE PTR [rax]
401181: be 08 00 00 00 mov esi,0x8
401186: bf 20 23 60 00 mov edi,0x602320
40118b: e8 90 fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
401190: 0f b6 00 movzx eax,BYTE PTR [rax]
401193: 38 c3 cmp bl,al
401195: 75 2f jne 4011c6 <main+0x1b4>
401197: be 03 00 00 00 mov esi,0x3
40119c: bf 40 23 60 00 mov edi,0x602340
4011a1: e8 7a fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
4011a6: 0f b6 18 movzx ebx,BYTE PTR [rax]
4011a9: be 09 00 00 00 mov esi,0x9
4011ae: bf 20 23 60 00 mov edi,0x602320
4011b3: e8 68 fd ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
4011b8: 0f b6 00 movzx eax,BYTE PTR [rax]
4011bb: 38 c3 cmp bl,al
4011bd: 75 07 jne 4011c6 <main+0x1b4>
4011bf: b8 01 00 00 00 mov eax,0x1
4011c4: eb 05 jmp 4011cb <main+0x1b9>
4011c6: b8 00 00 00 00 mov eax,0x0
4011cb: 84 c0 test al,al
4011cd: 74 18 je 4011e7 <main+0x1d5>
4011cf: 48 8d 45 c0 lea rax,[rbp-0x40]
4011d3: be d1 17 40 00 mov esi,0x4017d1
4011d8: 48 89 c7 mov rdi,rax
4011db: e8 50 fd ff ff call 400f30 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(char const*)@plt>
4011e0: bb 01 00 00 00 mov ebx,0x1
4011e5: eb 23 jmp 40120a <main+0x1f8>
4011e7: 48 8d 45 c0 lea rax,[rbp-0x40]
4011eb: 48 89 c6 mov rsi,rax
4011ee: bf 00 22 60 00 mov edi,0x602200
4011f3: e8 08 fd ff ff call 400f00 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <char, std::char_traits<char>, std::allocator<char> >(std::basic_ostream<char, std::char_traits<char> >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)@plt>
4011f8: be c0 0e 40 00 mov esi,0x400ec0
4011fd: 48 89 c7 mov rdi,rax
401200: e8 9b fc ff ff call 400ea0 <std::ostream::operator<<(std::ostream& (*)(std::ostream&))@plt>
401205: bb 00 00 00 00 mov ebx,0x0
40120a: 48 8d 45 a0 lea rax,[rbp-0x60]
40120e: 48 89 c7 mov rdi,rax
401211: e8 3a fc ff ff call 400e50 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()@plt>
401216: 48 8d 45 c0 lea rax,[rbp-0x40]
40121a: 48 89 c7 mov rdi,rax
40121d: e8 2e fc ff ff call 400e50 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()@plt>
401222: 89 d8 mov eax,ebx
401224: eb 51 jmp 401277 <main+0x265>
401226: 48 89 c3 mov rbx,rax
401229: 48 8d 45 ee lea rax,[rbp-0x12]
40122d: 48 89 c7 mov rdi,rax
401230: e8 3b fc ff ff call 400e70 <std::allocator<char>::~allocator()@plt>
401235: 48 89 d8 mov rax,rbx
401238: 48 89 c7 mov rdi,rax
40123b: e8 d0 fc ff ff call 400f10 <_Unwind_Resume@plt>
401240: 48 89 c3 mov rbx,rax
401243: 48 8d 45 ef lea rax,[rbp-0x11]
401247: 48 89 c7 mov rdi,rax
40124a: e8 21 fc ff ff call 400e70 <std::allocator<char>::~allocator()@plt>
40124f: eb 03 jmp 401254 <main+0x242>
401251: 48 89 c3 mov rbx,rax
401254: 48 8d 45 a0 lea rax,[rbp-0x60]
401258: 48 89 c7 mov rdi,rax
40125b: e8 f0 fb ff ff call 400e50 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()@plt>
401260: 48 8d 45 c0 lea rax,[rbp-0x40]
401264: 48 89 c7 mov rdi,rax
401267: e8 e4 fb ff ff call 400e50 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()@plt>
40126c: 48 89 d8 mov rax,rbx
40126f: 48 89 c7 mov rdi,rax
401272: e8 99 fc ff ff call 400f10 <_Unwind_Resume@plt>
401277: 48 81 c4 88 00 00 00 add rsp,0x88
40127e: 5b pop rbx
40127f: 5d pop rbp
401280: c3 ret
0000000000401281 <_static_initialization_and_destruction()>:
401281: 55 push rbp
401282: 48 89 e5 mov rbp,rsp
401285: 53 push rbx
401286: 48 81 ec 98 00 00 00 sub rsp,0x98
40128d: c7 45 cc 02 00 00 00 mov DWORD PTR [rbp-0x34],0x2
401294: 48 8d 55 98 lea rdx,[rbp-0x68]
401298: 8b 45 cc mov eax,DWORD PTR [rbp-0x34]
40129b: 48 89 d6 mov rsi,rdx
40129e: 89 c7 mov edi,eax
4012a0: e8 6d fd ff ff call 401012 <main>
4012a5: 89 45 c8 mov DWORD PTR [rbp-0x38],eax
4012a8: c7 45 ec 05 00 00 00 mov DWORD PTR [rbp-0x14],0x5
4012af: c7 45 e8 06 00 00 00 mov DWORD PTR [rbp-0x18],0x6
4012b6: c6 45 e7 01 mov BYTE PTR [rbp-0x19],0x1
4012ba: 80 7d e7 00 cmp BYTE PTR [rbp-0x19],0x0
4012be: 74 3a je 4012fa <_static_initialization_and_destruction()+0x79>
4012c0: c7 45 e0 00 00 00 00 mov DWORD PTR [rbp-0x20],0x0
4012c7: 81 7d e0 4d 17 00 00 cmp DWORD PTR [rbp-0x20],0x174d
4012ce: 77 10 ja 4012e0 <_static_initialization_and_destruction()+0x5f>
4012d0: 8b 45 e0 mov eax,DWORD PTR [rbp-0x20]
4012d3: 01 45 ec add DWORD PTR [rbp-0x14],eax
4012d6: 83 75 e8 05 xor DWORD PTR [rbp-0x18],0x5
4012da: 83 45 e0 01 add DWORD PTR [rbp-0x20],0x1
4012de: eb e7 jmp 4012c7 <_static_initialization_and_destruction()+0x46>
4012e0: c7 45 dc d0 15 00 00 mov DWORD PTR [rbp-0x24],0x15d0
4012e7: 81 7d dc d5 15 00 00 cmp DWORD PTR [rbp-0x24],0x15d5
4012ee: 77 ca ja 4012ba <_static_initialization_and_destruction()+0x39>
4012f0: c6 45 e7 00 mov BYTE PTR [rbp-0x19],0x0
4012f4: 83 45 dc 01 add DWORD PTR [rbp-0x24],0x1
4012f8: eb ed jmp 4012e7 <_static_initialization_and_destruction()+0x66>
4012fa: c7 45 c4 05 00 00 00 mov DWORD PTR [rbp-0x3c],0x5
401301: c7 45 c0 06 00 00 00 mov DWORD PTR [rbp-0x40],0x6
401308: 8b 45 c0 mov eax,DWORD PTR [rbp-0x40]
40130b: 83 c0 05 add eax,0x5
40130e: c1 f8 05 sar eax,0x5
401311: 33 45 c4 xor eax,DWORD PTR [rbp-0x3c]
401314: 89 45 bc mov DWORD PTR [rbp-0x44],eax
401317: 83 7d c8 01 cmp DWORD PTR [rbp-0x38],0x1
40131b: 74 0a je 401327 <_static_initialization_and_destruction()+0xa6>
40131d: bf 00 00 00 00 mov edi,0x0
401322: e8 a9 fa ff ff call 400dd0 <exit@plt>
401327: c6 85 60 ff ff ff 2f mov BYTE PTR [rbp-0xa0],0x2f
40132e: c6 85 61 ff ff ff 1d mov BYTE PTR [rbp-0x9f],0x1d
401335: c6 85 62 ff ff ff 14 mov BYTE PTR [rbp-0x9e],0x14
40133c: c6 85 63 ff ff ff 14 mov BYTE PTR [rbp-0x9d],0x14
401343: c6 85 64 ff ff ff 58 mov BYTE PTR [rbp-0x9c],0x58
40134a: c6 85 65 ff ff ff 08 mov BYTE PTR [rbp-0x9b],0x8
401351: c6 85 66 ff ff ff 14 mov BYTE PTR [rbp-0x9a],0x14
401358: c6 85 67 ff ff ff 19 mov BYTE PTR [rbp-0x99],0x19
40135f: c6 85 68 ff ff ff 01 mov BYTE PTR [rbp-0x98],0x1
401366: c6 85 69 ff ff ff 1d mov BYTE PTR [rbp-0x97],0x1d
40136d: c6 85 6a ff ff ff 1c mov BYTE PTR [rbp-0x96],0x1c
401374: c6 85 6b ff ff ff 59 mov BYTE PTR [rbp-0x95],0x59
40137b: c6 85 6c ff ff ff 58 mov BYTE PTR [rbp-0x94],0x58
401382: c6 85 6d ff ff ff 2c mov BYTE PTR [rbp-0x93],0x2c
401389: c6 85 6e ff ff ff 10 mov BYTE PTR [rbp-0x92],0x10
401390: c6 85 6f ff ff ff 11 mov BYTE PTR [rbp-0x91],0x11
401397: c6 85 70 ff ff ff 0b mov BYTE PTR [rbp-0x90],0xb
40139e: c6 85 71 ff ff ff 58 mov BYTE PTR [rbp-0x8f],0x58
4013a5: c6 85 72 ff ff ff 11 mov BYTE PTR [rbp-0x8e],0x11
4013ac: c6 85 73 ff ff ff 0b mov BYTE PTR [rbp-0x8d],0xb
4013b3: c6 85 74 ff ff ff 58 mov BYTE PTR [rbp-0x8c],0x58
4013ba: c6 85 75 ff ff ff 0c mov BYTE PTR [rbp-0x8b],0xc
4013c1: c6 85 76 ff ff ff 10 mov BYTE PTR [rbp-0x8a],0x10
4013c8: c6 85 77 ff ff ff 1d mov BYTE PTR [rbp-0x89],0x1d
4013cf: c6 85 78 ff ff ff 58 mov BYTE PTR [rbp-0x88],0x58
4013d6: c6 85 79 ff ff ff 17 mov BYTE PTR [rbp-0x87],0x17
4013dd: c6 85 7a ff ff ff 16 mov BYTE PTR [rbp-0x86],0x16
4013e4: c6 85 7b ff ff ff 14 mov BYTE PTR [rbp-0x85],0x14
4013eb: c6 85 7c ff ff ff 01 mov BYTE PTR [rbp-0x84],0x1
4013f2: c6 85 7d ff ff ff 58 mov BYTE PTR [rbp-0x83],0x58
4013f9: c6 85 7e ff ff ff 0e mov BYTE PTR [rbp-0x82],0xe
401400: c6 85 7f ff ff ff 19 mov BYTE PTR [rbp-0x81],0x19
401407: c6 45 80 14 mov BYTE PTR [rbp-0x80],0x14
40140b: c6 45 81 11 mov BYTE PTR [rbp-0x7f],0x11
40140f: c6 45 82 1c mov BYTE PTR [rbp-0x7e],0x1c
401413: c6 45 83 58 mov BYTE PTR [rbp-0x7d],0x58
401417: c6 45 84 1e mov BYTE PTR [rbp-0x7c],0x1e
40141b: c6 45 85 14 mov BYTE PTR [rbp-0x7b],0x14
40141f: c6 45 86 19 mov BYTE PTR [rbp-0x7a],0x19
401423: c6 45 87 1f mov BYTE PTR [rbp-0x79],0x1f
401427: c6 45 88 56 mov BYTE PTR [rbp-0x78],0x56
40142b: be 04 00 00 00 mov esi,0x4
401430: bf 40 23 60 00 mov edi,0x602340
401435: e8 e6 fa ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
40143a: 0f b6 18 movzx ebx,BYTE PTR [rax]
40143d: be 01 00 00 00 mov esi,0x1
401442: bf 40 23 60 00 mov edi,0x602340
401447: e8 d4 fa ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
40144c: 0f b6 00 movzx eax,BYTE PTR [rax]
40144f: 38 c3 cmp bl,al
401451: 75 1d jne 401470 <_static_initialization_and_destruction()+0x1ef>
401453: be 05 00 00 00 mov esi,0x5
401458: bf 40 23 60 00 mov edi,0x602340
40145d: e8 be fa ff ff call 400f20 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator[](unsigned long)@plt>
401462: 0f b6 00 movzx eax,BYTE PTR [rax]
401465: 3c 40 cmp al,0x40
401467: 75 07 jne 401470 <_static_initialization_and_destruction()+0x1ef>
401469: b8 01 00 00 00 mov eax,0x1
40146e: eb 05 jmp 401475 <_static_initialization_and_destruction()+0x1f4>
401470: b8 00 00 00 00 mov eax,0x0
401475: 84 c0 test al,al
401477: 74 64 je 4014dd <_static_initialization_and_destruction()+0x25c>
401479: 48 8d 85 60 ff ff ff lea rax,[rbp-0xa0]
401480: 48 89 45 b0 mov QWORD PTR [rbp-0x50],rax
401484: 48 8b 45 b0 mov rax,QWORD PTR [rbp-0x50]
401488: 48 89 45 d0 mov QWORD PTR [rbp-0x30],rax
40148c: 48 8b 45 b0 mov rax,QWORD PTR [rbp-0x50]
401490: 48 83 c0 29 add rax,0x29
401494: 48 89 45 a8 mov QWORD PTR [rbp-0x58],rax
401498: 48 8b 45 d0 mov rax,QWORD PTR [rbp-0x30]
40149c: 48 3b 45 a8 cmp rax,QWORD PTR [rbp-0x58]
4014a0: 74 2c je 4014ce <_static_initialization_and_destruction()+0x24d>
4014a2: 48 8b 45 d0 mov rax,QWORD PTR [rbp-0x30]
4014a6: 48 89 45 a0 mov QWORD PTR [rbp-0x60],rax
4014aa: 48 8b 45 a0 mov rax,QWORD PTR [rbp-0x60]
4014ae: 0f b6 00 movzx eax,BYTE PTR [rax]
4014b1: 83 f0 78 xor eax,0x78
4014b4: 88 45 9f mov BYTE PTR [rbp-0x61],al
4014b7: 0f be 45 9f movsx eax,BYTE PTR [rbp-0x61]
4014bb: 89 c6 mov esi,eax
4014bd: bf 00 22 60 00 mov edi,0x602200
4014c2: e8 49 f9 ff ff call 400e10 <std::basic_ostream<char, std::char_traits<char> >& std::operator<< <std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char)@plt>
4014c7: 48 83 45 d0 01 add QWORD PTR [rbp-0x30],0x1
4014cc: eb ca jmp 401498 <_static_initialization_and_destruction()+0x217>
4014ce: be c0 0e 40 00 mov esi,0x400ec0
4014d3: bf 00 22 60 00 mov edi,0x602200
4014d8: e8 c3 f9 ff ff call 400ea0 <std::ostream::operator<<(std::ostream& (*)(std::ostream&))@plt>
4014dd: bf 00 00 00 00 mov edi,0x0
4014e2: e8 e9 f8 ff ff call 400dd0 <exit@plt>
00000000004014e7 <__static_initialization_and_destruction_0(int, int)>:
4014e7: 55 push rbp
4014e8: 48 89 e5 mov rbp,rsp
4014eb: 53 push rbx
4014ec: 48 83 ec 28 sub rsp,0x28
4014f0: 89 7d dc mov DWORD PTR [rbp-0x24],edi
4014f3: 89 75 d8 mov DWORD PTR [rbp-0x28],esi
4014f6: 83 7d dc 01 cmp DWORD PTR [rbp-0x24],0x1
4014fa: 0f 85 b2 00 00 00 jne 4015b2 <__static_initialization_and_destruction_0(int, int)+0xcb>
401500: 81 7d d8 ff ff 00 00 cmp DWORD PTR [rbp-0x28],0xffff
401507: 0f 85 a5 00 00 00 jne 4015b2 <__static_initialization_and_destruction_0(int, int)+0xcb>
40150d: bf 64 23 60 00 mov edi,0x602364
401512: e8 d9 f8 ff ff call 400df0 <std::ios_base::Init::Init()@plt>
401517: ba d8 20 60 00 mov edx,0x6020d8
40151c: be 64 23 60 00 mov esi,0x602364
401521: bf 20 0e 40 00 mov edi,0x400e20
401526: e8 d5 f8 ff ff call 400e00 <__cxa_atexit@plt>
40152b: 48 8d 45 ef lea rax,[rbp-0x11]
40152f: 48 89 c7 mov rdi,rax
401532: e8 a9 f9 ff ff call 400ee0 <std::allocator<char>::allocator()@plt>
401537: 48 8d 45 ef lea rax,[rbp-0x11]
40153b: 48 89 c2 mov rdx,rax
40153e: be e0 17 40 00 mov esi,0x4017e0
401543: bf 20 23 60 00 mov edi,0x602320
401548: e8 83 f9 ff ff call 400ed0 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&)@plt>
40154d: 48 8d 45 ef lea rax,[rbp-0x11]
401551: 48 89 c7 mov rdi,rax
401554: e8 17 f9 ff ff call 400e70 <std::allocator<char>::~allocator()@plt>
401559: ba d8 20 60 00 mov edx,0x6020d8
40155e: be 20 23 60 00 mov esi,0x602320
401563: bf 50 0e 40 00 mov edi,0x400e50
401568: e8 93 f8 ff ff call 400e00 <__cxa_atexit@plt>
40156d: bf 40 23 60 00 mov edi,0x602340
401572: e8 c9 f8 ff ff call 400e40 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string()@plt>
401577: ba d8 20 60 00 mov edx,0x6020d8
40157c: be 40 23 60 00 mov esi,0x602340
401581: bf 50 0e 40 00 mov edi,0x400e50
401586: e8 75 f8 ff ff call 400e00 <__cxa_atexit@plt>
40158b: e8 f1 fc ff ff call 401281 <_static_initialization_and_destruction()>
401590: 89 05 d2 0d 20 00 mov DWORD PTR [rip+0x200dd2],eax # 602368 < s>
401596: eb 1a jmp 4015b2 <__static_initialization_and_destruction_0(int, int)+0xcb>
401598: 48 89 c3 mov rbx,rax
40159b: 48 8d 45 ef lea rax,[rbp-0x11]
40159f: 48 89 c7 mov rdi,rax
4015a2: e8 c9 f8 ff ff call 400e70 <std::allocator<char>::~allocator()@plt>
4015a7: 48 89 d8 mov rax,rbx
4015aa: 48 89 c7 mov rdi,rax
4015ad: e8 5e f9 ff ff call 400f10 <_Unwind_Resume@plt>
4015b2: 48 83 c4 28 add rsp,0x28
4015b6: 5b pop rbx
4015b7: 5d pop rbp
4015b8: c3 ret
00000000004015b9 <_GLOBAL__sub_I__Z13falsePasswordB5cxx11>:
4015b9: 55 push rbp
4015ba: 48 89 e5 mov rbp,rsp
4015bd: be ff ff 00 00 mov esi,0xffff
4015c2: bf 01 00 00 00 mov edi,0x1
4015c7: e8 1b ff ff ff call 4014e7 <__static_initialization_and_destruction_0(int, int)>
4015cc: 5d pop rbp
4015cd: c3 ret
00000000004015ce <std::char_traits<char>::compare(char const*, char const*, unsigned long)>:
4015ce: 55 push rbp
4015cf: 48 89 e5 mov rbp,rsp
4015d2: 48 83 ec 20 sub rsp,0x20
4015d6: 48 89 7d f8 mov QWORD PTR [rbp-0x8],rdi
4015da: 48 89 75 f0 mov QWORD PTR [rbp-0x10],rsi
4015de: 48 89 55 e8 mov QWORD PTR [rbp-0x18],rdx
4015e2: 48 83 7d e8 00 cmp QWORD PTR [rbp-0x18],0x0
4015e7: 75 07 jne 4015f0 <std::char_traits<char>::compare(char const*, char const*, unsigned long)+0x22>
4015e9: b8 00 00 00 00 mov eax,0x0
4015ee: eb 18 jmp 401608 <std::char_traits<char>::compare(char const*, char const*, unsigned long)+0x3a>
4015f0: 48 8b 55 e8 mov rdx,QWORD PTR [rbp-0x18]
4015f4: 48 8b 4d f0 mov rcx,QWORD PTR [rbp-0x10]
4015f8: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
4015fc: 48 89 ce mov rsi,rcx
4015ff: 48 89 c7 mov rdi,rax
401602: e8 89 f8 ff ff call 400e90 <memcmp@plt>
401607: 90 nop
401608: c9 leave
401609: c3 ret
000000000040160a <bool std::operator!=<char, std::char_traits<char>, std::allocator<char> >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)>:
40160a: 55 push rbp
40160b: 48 89 e5 mov rbp,rsp
40160e: 48 83 ec 10 sub rsp,0x10
401612: 48 89 7d f8 mov QWORD PTR [rbp-0x8],rdi
401616: 48 89 75 f0 mov QWORD PTR [rbp-0x10],rsi
40161a: 48 8b 55 f0 mov rdx,QWORD PTR [rbp-0x10]
40161e: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
401622: 48 89 d6 mov rsi,rdx
401625: 48 89 c7 mov rdi,rax
401628: e8 05 00 00 00 call 401632 <__gnu_cxx::__enable_if<std::__is_char<char>::__value, bool>::__type std::operator==<char>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)>
40162d: 83 f0 01 xor eax,0x1
401630: c9 leave
401631: c3 ret
0000000000401632 <__gnu_cxx::__enable_if<std::__is_char<char>::__value, bool>::__type std::operator==<char>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)>:
401632: 55 push rbp
401633: 48 89 e5 mov rbp,rsp
401636: 41 54 push r12
401638: 53 push rbx
401639: 48 83 ec 10 sub rsp,0x10
40163d: 48 89 7d e8 mov QWORD PTR [rbp-0x18],rdi
401641: 48 89 75 e0 mov QWORD PTR [rbp-0x20],rsi
401645: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18]
401649: 48 89 c7 mov rdi,rax
40164c: e8 2f f8 ff ff call 400e80 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::size() const@plt>
401651: 48 89 c3 mov rbx,rax
401654: 48 8b 45 e0 mov rax,QWORD PTR [rbp-0x20]
401658: 48 89 c7 mov rdi,rax
40165b: e8 20 f8 ff ff call 400e80 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::size() const@plt>
401660: 48 39 c3 cmp rbx,rax
401663: 75 43 jne 4016a8 <__gnu_cxx::__enable_if<std::__is_char<char>::__value, bool>::__type std::operator==<char>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x76>
401665: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18]
401669: 48 89 c7 mov rdi,rax
40166c: e8 0f f8 ff ff call 400e80 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::size() const@plt>
401671: 49 89 c4 mov r12,rax
401674: 48 8b 45 e0 mov rax,QWORD PTR [rbp-0x20]
401678: 48 89 c7 mov rdi,rax
40167b: e8 e0 f7 ff ff call 400e60 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::data() const@plt>
401680: 48 89 c3 mov rbx,rax
401683: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18]
401687: 48 89 c7 mov rdi,rax
40168a: e8 d1 f7 ff ff call 400e60 <std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::data() const@plt>
40168f: 4c 89 e2 mov rdx,r12
401692: 48 89 de mov rsi,rbx
401695: 48 89 c7 mov rdi,rax
401698: e8 31 ff ff ff call 4015ce <std::char_traits<char>::compare(char const*, char const*, unsigned long)>
40169d: 85 c0 test eax,eax
40169f: 75 07 jne 4016a8 <__gnu_cxx::__enable_if<std::__is_char<char>::__value, bool>::__type std::operator==<char>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x76>
4016a1: b8 01 00 00 00 mov eax,0x1
4016a6: eb 05 jmp 4016ad <__gnu_cxx::__enable_if<std::__is_char<char>::__value, bool>::__type std::operator==<char>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)+0x7b>
4016a8: b8 00 00 00 00 mov eax,0x0
4016ad: 48 83 c4 10 add rsp,0x10
4016b1: 5b pop rbx
4016b2: 41 5c pop r12
4016b4: 5d pop rbp
4016b5: c3 ret
4016b6: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
4016bd: 00 00 00
00000000004016c0 <__libc_csu_init>:
4016c0: 41 57 push r15
4016c2: 41 56 push r14
4016c4: 41 89 ff mov r15d,edi
4016c7: 41 55 push r13
4016c9: 41 54 push r12
4016cb: 4c 8d 25 06 07 20 00 lea r12,[rip+0x200706] # 601dd8 <__frame_dummy_init_array_entry>
4016d2: 55 push rbp
4016d3: 48 8d 2d 0e 07 20 00 lea rbp,[rip+0x20070e] # 601de8 <__do_global_dtors_aux_fini_array_entry>
4016da: 53 push rbx
4016db: 49 89 f6 mov r14,rsi
4016de: 49 89 d5 mov r13,rdx
4016e1: 4c 29 e5 sub rbp,r12
4016e4: 48 83 ec 08 sub rsp,0x8
4016e8: 48 c1 fd 03 sar rbp,0x3
4016ec: e8 b7 f6 ff ff call 400da8 <_init>
4016f1: 48 85 ed test rbp,rbp
4016f4: 74 20 je 401716 <__libc_csu_init+0x56>
4016f6: 31 db xor ebx,ebx
4016f8: 0f 1f 84 00 00 00 00 nop DWORD PTR [rax+rax*1+0x0]
4016ff: 00
401700: 4c 89 ea mov rdx,r13
401703: 4c 89 f6 mov rsi,r14
401706: 44 89 ff mov edi,r15d
401709: 41 ff 14 dc call QWORD PTR [r12+rbx*8]
40170d: 48 83 c3 01 add rbx,0x1
401711: 48 39 dd cmp rbp,rbx
401714: 75 ea jne 401700 <__libc_csu_init+0x40>
401716: 48 83 c4 08 add rsp,0x8
40171a: 5b pop rbx
40171b: 5d pop rbp
40171c: 41 5c pop r12
40171e: 41 5d pop r13
401720: 41 5e pop r14
401722: 41 5f pop r15
401724: c3 ret
401725: 90 nop
401726: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0]
40172d: 00 00 00
0000000000401730 <__libc_csu_fini>:
401730: f3 c3 repz ret
Disassembly of section .fini:
0000000000401734 <_fini>:
401734: 48 83 ec 08 sub rsp,0x8
401738: 48 83 c4 08 add rsp,0x8
40173c: c3 ret
From the readelf output, we can see that the binary's entry point is at: Entry point address: 0x400f40
Knowing that the binary is dynamically linked, uses the interpreter /lib64/ld-linux-x86-64.so.2, is for GNU/Linux 2.6.32, and is not stripped, we can conclude that:
- it is x86_64
- it was compiled with dependencies (libc)
- it is possibly C++
- the function names were not removed
Normally, a program written in C++ has a function called main; looking at the objdump output, we can locate it at address 0x401012.
We start debugging from this address:
- input with the text "a"
- at address 0x401105, the length of a string allocated in memory is obtained
- through GDB, we can see that the content of the string is what the program receives via stdin
- at address 0x401116, there is a comparison with the value 0x3, followed by a JBE (jump if below or equal)
- conclusion: the string needs a length above 0x3 (3)
- without this, continuing execution gives the error message "Bad Password"
Restarting the debug session with the text "aaaa"
- Again at the comparison address (0x401116), this time the jump to "Bad Password" is no longer taken
- At address 0x401143, al is compared with bl, where bl holds the first letter of our string and al holds the value 0x31 (49 decimal, in ASCII the text "1")
- without this, continuing execution gives the error message "Bad Password"
- We restart the debug session; the string needs to start with "1"
We restart the debug session with the text "1aaa"
- At address 0x401143, al is compared with bl, 0x31 with 0x31; the Bad Password jump is no longer taken.
- At 0x40116d, another comparison of al with bl takes place; this time, by coincidence, the value compared appears to be "a" (0x61)
- At 0x401193, another comparison of al with bl takes place; now we got it wrong, the value looked for is 0x34 (decimal 52, in ASCII the text "4")
- We fall into Bad Password again and restart
We restart the debug session with the text "1a4a"
- At 0x401193, the comparison of al with bl takes place and we pass
- At 0x4011bb, again a comparison of al with bl; this time the value looked for is 0x66 (decimal 102, in ASCII "f")
- We get Bad Password and restart
We restart the debug session with the text "1a4f"
- At 0x4011bb, we pass
- At address 0x4012c7 there is a for-style loop from 0 to 0x174d (5965); I set a breakpoint at 0x4012e0 (the address jumped to once the value is reached) to get past the loop faster
- After that, there is another loop, a small one this time
- At 0x40144f, again a comparison of al with bl; this time the value is 0x61, but the interesting part is that bl now holds 0x0, with no string at all; perhaps the string is longer than 1a4f.
- Without this value, the application exits but prints no message at all...
- We restart, adding the value 0x61 (decimal 97, in ASCII the text "a")
We restart the debug session with the text "1a4fa"
- At 0x40144f, the comparison now passes; the string may be even longer
- At 0x401465, 0x40 is compared with al, which is zeroed; perhaps one more character needs to be added
- Without this value, the application exits but prints no message at all...
- We restart, adding the value 0x40 (decimal 64, in ASCII the text "@")
We restart the debug session with the text "1a4fa@"
- At 0x401465, the comparison now takes place and we pass
- We enter a loop; the application appears to be building a string, and many hex values show up in rax
- At 0x4014ce, some arguments are set up and then, at 0x4014d8, we receive the text "Well played! This is the only valid flag." on stdout
- End
Confirmed, the flag is "1a4fa@"
Running outside the debugger
$ ./Sh4ll10.1.bin
The goal is to print the good boy. Good luck
If there is no output printed, then you didn't validate the crackme
1a4fa@
Well played! This is the only valid flag.
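The string-building loop seen in the last debug session (0x401498 to 0x4014cc) XORs each byte of the 0x29-byte stack buffer at [rbp-0xa0] with 0x78 before printing it, so the success message can also be recovered statically from the listing. The Python sketch below is an added example, not part of the original write-up: the function name decode_stack_string and the regexes are my own, and the embedded lines are copied from the objdump output above.

```python
import re

# Lines copied from the objdump listing of _static_initialization_and_destruction()
# above. The first line is an unrelated byte store from the same function, kept to
# show that stores outside the buffer are ignored.
LISTING = """
4012b6: c6 45 e7 01 mov BYTE PTR [rbp-0x19],0x1
401327: c6 85 60 ff ff ff 2f mov BYTE PTR [rbp-0xa0],0x2f
40132e: c6 85 61 ff ff ff 1d mov BYTE PTR [rbp-0x9f],0x1d
401335: c6 85 62 ff ff ff 14 mov BYTE PTR [rbp-0x9e],0x14
40133c: c6 85 63 ff ff ff 14 mov BYTE PTR [rbp-0x9d],0x14
401343: c6 85 64 ff ff ff 58 mov BYTE PTR [rbp-0x9c],0x58
40134a: c6 85 65 ff ff ff 08 mov BYTE PTR [rbp-0x9b],0x8
401351: c6 85 66 ff ff ff 14 mov BYTE PTR [rbp-0x9a],0x14
401358: c6 85 67 ff ff ff 19 mov BYTE PTR [rbp-0x99],0x19
40135f: c6 85 68 ff ff ff 01 mov BYTE PTR [rbp-0x98],0x1
401366: c6 85 69 ff ff ff 1d mov BYTE PTR [rbp-0x97],0x1d
40136d: c6 85 6a ff ff ff 1c mov BYTE PTR [rbp-0x96],0x1c
401374: c6 85 6b ff ff ff 59 mov BYTE PTR [rbp-0x95],0x59
40137b: c6 85 6c ff ff ff 58 mov BYTE PTR [rbp-0x94],0x58
401382: c6 85 6d ff ff ff 2c mov BYTE PTR [rbp-0x93],0x2c
401389: c6 85 6e ff ff ff 10 mov BYTE PTR [rbp-0x92],0x10
401390: c6 85 6f ff ff ff 11 mov BYTE PTR [rbp-0x91],0x11
401397: c6 85 70 ff ff ff 0b mov BYTE PTR [rbp-0x90],0xb
40139e: c6 85 71 ff ff ff 58 mov BYTE PTR [rbp-0x8f],0x58
4013a5: c6 85 72 ff ff ff 11 mov BYTE PTR [rbp-0x8e],0x11
4013ac: c6 85 73 ff ff ff 0b mov BYTE PTR [rbp-0x8d],0xb
4013b3: c6 85 74 ff ff ff 58 mov BYTE PTR [rbp-0x8c],0x58
4013ba: c6 85 75 ff ff ff 0c mov BYTE PTR [rbp-0x8b],0xc
4013c1: c6 85 76 ff ff ff 10 mov BYTE PTR [rbp-0x8a],0x10
4013c8: c6 85 77 ff ff ff 1d mov BYTE PTR [rbp-0x89],0x1d
4013cf: c6 85 78 ff ff ff 58 mov BYTE PTR [rbp-0x88],0x58
4013d6: c6 85 79 ff ff ff 17 mov BYTE PTR [rbp-0x87],0x17
4013dd: c6 85 7a ff ff ff 16 mov BYTE PTR [rbp-0x86],0x16
4013e4: c6 85 7b ff ff ff 14 mov BYTE PTR [rbp-0x85],0x14
4013eb: c6 85 7c ff ff ff 01 mov BYTE PTR [rbp-0x84],0x1
4013f2: c6 85 7d ff ff ff 58 mov BYTE PTR [rbp-0x83],0x58
4013f9: c6 85 7e ff ff ff 0e mov BYTE PTR [rbp-0x82],0xe
401400: c6 85 7f ff ff ff 19 mov BYTE PTR [rbp-0x81],0x19
401407: c6 45 80 14 mov BYTE PTR [rbp-0x80],0x14
40140b: c6 45 81 11 mov BYTE PTR [rbp-0x7f],0x11
40140f: c6 45 82 1c mov BYTE PTR [rbp-0x7e],0x1c
401413: c6 45 83 58 mov BYTE PTR [rbp-0x7d],0x58
401417: c6 45 84 1e mov BYTE PTR [rbp-0x7c],0x1e
40141b: c6 45 85 14 mov BYTE PTR [rbp-0x7b],0x14
40141f: c6 45 86 19 mov BYTE PTR [rbp-0x7a],0x19
401423: c6 45 87 1f mov BYTE PTR [rbp-0x79],0x1f
401427: c6 45 88 56 mov BYTE PTR [rbp-0x78],0x56
401479: 48 8d 85 60 ff ff ff lea rax,[rbp-0xa0]
401490: 48 83 c0 29 add rax,0x29
4014b1: 83 f0 78 xor eax,0x78
"""

STORE = re.compile(r"mov\s+BYTE PTR \[rbp-0x([0-9a-f]+)\],0x([0-9a-f]+)")
BASE = re.compile(r"lea\s+rax,\[rbp-0x([0-9a-f]+)\]")   # start of the buffer
LENGTH = re.compile(r"add\s+rax,0x([0-9a-f]+)")          # end pointer = base + length
KEY = re.compile(r"xor\s+eax,0x([0-9a-f]+)")             # single-byte XOR key


def _first_hex(pattern, listing):
    """Return the first hex operand matched by pattern, or fail loudly."""
    match = pattern.search(listing)
    if match is None:
        raise ValueError(f"pattern not found: {pattern.pattern}")
    return int(match.group(1), 16)


def decode_stack_string(listing):
    """Rebuild the byte buffer from the immediate stores and XOR-decode it."""
    stores = {int(off, 16): int(val, 16) for off, val in STORE.findall(listing)}
    base = _first_hex(BASE, listing)
    length = _first_hex(LENGTH, listing)
    key = _first_hex(KEY, listing)
    decoded = bytearray()
    for i in range(length):
        offset = base - i  # the buffer grows toward rbp, so the offset shrinks
        if offset not in stores:
            raise ValueError(f"no byte store found for [rbp-{offset:#x}]")
        decoded.append(stores[offset] ^ key)
    return decoded.decode("ascii")


if __name__ == "__main__":
    print(decode_stack_string(LISTING))
```

Each regex takes its first match, so the input should be limited to lines from this one function.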