PROJECT 1: BOMB PROJECT - CS261 Disclaimer: this project is an adaptation of the bomblab from Bryant & O'hallaron, Computer Systems: A programmer's perspective. Third Edition. 1 Logistics This is

an individual project. All submissions are electronic. Clarifications and corrections will be posted on Piazza. Points Breakdown Phase 1 to 5: 20 Pts each phase. Phase 6 and Secret Phase (Phase 7): 5 Extra Pts each phase Maximum points: 100 points (+ 10 extra points). Phases 1 through 5 are required. Phases 6 and 7 are for extra credit (EC), and there is no penalty for skipping them. You may still get credit for phases completed late, but only up to 24 hours after the deadline. You can only receive 85 percent of the points for a phase you submitted late. There is no partial credit for phases beyond this. If after the late submission period, you have still not solved a phase you can request the phase solution by posting a private post to all the instructors on Piazza with the bomb number and phase you would like the solution for. Each time your bomb explodes you lose 1/2 point (up to a max of 20 points) in the final score for the project. Read the entire PDF before start the project 2 Introduction The nefarious Dr. Evil has planted a slew of "binary bombs" on our class machines. A binary bomb is a program that consists of a sequence of phases. Each phase expects you to type a particular string on stdin. 1 If you type the correct string, then the phase is defused and the bomb proceeds to the next phase. Otherwise, the bomb explodes by printing BOOM!!!" and then terminating. The bomb is defused when every phase has been defused. There are too many bombs for us to deal with, so we are giving each student a bomb to defuse. Your mission, which you have no choice but to accept, is to defuse your bomb before the due date. Good luck, and welcome to the bomb squad! Step 1: Get Your Bomb (This is not Phase 1) The first step is to download your binary bomb from the course server (systems#). To download the bomb, we published a website accessible only from the University network. To reach this website, you have two options: 1. Connect to UIC's wifi if you are on campus. 2. Connect to the UIC's Virtual Private Network (VPN). If you have not ever used the UIC VPN, please view the instructions here. The VPN is a secure connection that allows your computer to access the University network when you are off campus. Once in the network, paste the following link into your browser : http://cs261.cs.uic.edu: 15213/. If you can't view the page, first try viewing without your browser plugins in incognito mode, and finally, try using another browser. This will display a binary bomb request form for you to fill in. Enter your NetID and email address carefully (your grade will be reported based on the NetID you typed) and hit the Submit button. The server will build your bomb and return it to your browser in a tarball file called bombk.tar, where k is the unique number of your bomb. Note: Try this if you are having trouble connecting to the VPN or downloading the bomb in general • SSH into cs261.cs.uic.edu • Go to this Piazza post which contains a command to download a bomb, copy the command and paste the entire command into your terminal. • Follow the instructions given to you on the terminal. The second step is to send the bombk.tar file to one of the CS server via sftp (cs261.cs.uic.edu) and save the bombk.tar file into a (protected) directory in which you plan to do your work on. The third step is to extract the files from the tarball. For this, type the following command on the terminal from the folder that contains the tarball: 1tar -xvf bombk.tar This will create a directory called ./bombk with the following files (Read these files): • README: Identifies the bomb and its owners. 2 bomb: The executable binary bomb. • bomb.c: Source file with the bomb's main routine and a friendly greeting from Dr. Evil. ● Associated Sites: ● To setup 2-Factor Authentication: https://it.uic.edu/services/faculty-staff/uic-network/duo-2-factor- authentication-2/ • To download UIC's VPN (required): https://accc.uic.edu/services/infrastructure/network/virtual-private- network/ • To download a bomb: http://cs261.cs.uic.edu:15213 To view the scoreboard (it updates every ten minutes): http://cs261.cs.uic.edu: 15213/scoreboard. You must check that your score is updated after you solve a phase. If your score does not update after 10 minutes, it means you did not solve the phase. • If you experience any technical difficulties with the VPN, request help here https://accc.uic.edu/forms/contact- us/ Additional notes You must use your UIC NetID when downloading a bomb to receive credit when graded! • The project must be completed on cs261.cs.uic.edu and you might need to give permission to your bomb for execution (chmod +x bomb) • You can download multiple bombs. However, your grade will be based on your bomb with the overall highest score. This can be helpful when getting started; however, say you're working on phase 4 and have a handful of explosions, downloading a new bomb may not be a wise idea, as your scores for phases 1, 2, and 3 will not carry over to the new bomb, and you will not be able to earn those points on the new bomb because the deadlines for those phases have passed. Basically, once you have the hang of things, you should complete phase 1 with a bomb you plan to finish all phases with (you can continue to practice with other bombs with no penalty). Step 2: Learn how not to explode the bomb Your job for this project is to defuse your bombs before they explode. To avoid accidentally detonating the bomb, you will need to learn how to single-step through the assembly code and how to set breakpoints (see the Q&A at the end of this document). You can use many tools to help you defuse your bomb. Please look at the hints section for some tips and ideas. The best way is to use your favorite debugger to step through the disassembled binary. 3 Each time your bomb explodes it notifies the server, and you lose 1/2 point (up to a max of 20 points) in the final score for the project. So there are consequences to exploding the bomb. You must be careful! Students can download multiple bombs and each bomb is graded independently (the grade is computed per bomb, not per student). Your project grade is your bomb with the highest score. You might have exploded your bomb while you learn where to set the breakpoints. Once you know how to set the breakpoints, you can download a new bomb so you do not lose points for these first explosions. Step 3: Defuse Your Bomb Your job for this project is to defuse your bomb. Every time you defuse a phase you will see a printed message saying so. If you do not see the message, your phase has not been defused yet, even i you see in gdb that the next instruction will call the function defuse_bomb. You should also see the score updated on the scoreboard (it updates every ten minutes) http://cs261.cs.uic.edu: 15213/scoreboard You will need to learn how to inspect both the registers and the memory states using your favorite debugger. One of the nice side-effects of doing the project is that you will get very good at using a debugger. This is a crucial skill that will pay big dividends for the rest of your career. You must do the assignment on one of the class machines. In fact, there is a rumor that Dr. Evil really is evil, and the bomb will always blow up if run elsewhere. There are several other tamper-proofing devices built into the bomb as well, or so we hear. Although phases get progressively harder to defuse, the expertise you gain as you move from phase to phase should offset this difficulty. However, the last phase will challenge even the best students, so please don't wait until the last minute to start. The bomb ignores blank input lines. If you run your bomb with a command line argument, for example, ./bomb psol.txt then it will read the input lines from psol.txt until it reaches EOF (end of file), and then switch over to stdin. In a moment of weakness, Dr. Evil added this feature so you don't have to keep retyping the solutions to phases you have already defused. linux> Project Submissions There is no explicit submission. The bomb will record your progress as you work on it, assuming you entered your UIC email address when downloading the bomb. You can keep track of how you are doing by looking at the class scoreboard (while on the UIC network, or connected via the VPN): http://cs261.cs.uic.edu: 15213/scoreboard. This web page is updated every 2 minutes to show the progress of each bomb. You should check to make sure that your scores are recorded correctly on the server. The server has occasionally crashed, so checking that your scores were received is always a good idea. Hints (Please read this!) There are many ways of defusing your bomb. You can examine it in great detail without ever running the program, and figure out exactly what it does. This is a useful technique, but it is not always easy to do. You can also run it under a debugger, watch what it does step by step, and use this information to defuse it. This is probably the fastest way of defusing it. We do make one request, please do not use brute force! You could write a program that will try every possible key to find the right one. But this is no good for several reasons: You lose 1/2 point (up to a max of 20 points) every time you guess incorrectly and the bomb explodes. Every time you guess wrong, a message is sent to the server. You could very quickly saturate the network with these messages, and cause the system administrators to revoke your computer access. • We haven't told you how long the strings are, nor have we told you what characters are in them. Even if you made the (incorrect) assumption that they all are less than 80 characters long and only contain letters, then you will have 2680 guesses for each phase. This will take a very long time to run, and you will not get the answer before the assignment is due. Many tools are designed to help you figure out both how programs work, and what is wrong when they don't work. Here is a list of some of the tools you may find useful in analyzing your bomb, and hints on how to use them. ● • gdb The GNU debugger is a command-line debugger tool available on virtually every platform. You can trace through a program line by line, examine memory and registers, look at both the source code and assembly code (we are not giving you the source code for most of your bomb), set breakpoints, set memory watchpoints, and write scripts. The CS:APP website http://csapp.cs.cmu.edu/public/students.html has a very handy single-page gdb summary that you can print out and use as some other tips for using gdb. reference. Here are To keep the bomb from blowing up every time you type in a wrong input, you'll want to learn how to set breakpoints. For online documentation, type "help" at the gdb command prompt, or type “man gdb", or "info gdb” at a Unix prompt. Some people also like to run gdb under gdb-mode in emacs. objdump -t This will print out the bomb's symbol table. The symbol table includes the names of all functions and global variables in the bomb, the names of all the functions the bomb calls, and their addresses. You may learn something by looking at the function names! 5