Lab 12 – Prelab

In previous labs we have referenced Norm Matloff’s Guide to Faster, Less Frustrating Debugging. If you aren’t yet an expert with GDB, read this guide again. In Lab 12 you will need to be a master of GDB.


Under your gitlab structure for ~/csci206/Labs, create the folder for the current lab, Lab12. You should save all your work in this folder, as usual. Copy all files from the ~cs206/Labs/Lab12/ folder. You should see three executable files and two C source files. Note that the executable files are compiled for the MIPS machines.


In this lab you will disassemble a binary executable in order to understand what a program is doing. Here the binary executable is a binary bomb: a program that is defused, completing the lab, only when you enter the correct input. If your input is not correct, your bomb sends us a message and we deduct a half-point from your lab grade for each explosion. In practice, we hope you never have to defuse an actual bomb, but you might have to disassemble a binary executable to get to the bottom of a tricky bug or performance problem.

To get warmed up, take a look at the C source code in simple_bomb.c below. The main function below is used throughout this prelab (check_pin will change).

It’s pretty obvious from the C code that this program reads one integer (using scanf) and will print SUCCESS if the input was 42. To make things a little harder, in mini_bomb.c below we have changed the pin and moved the check_pin function to an external library which you don’t have access to. Think about how you might discover the pin that is compiled in this mini_bomb MIPS executable file.

In this case you could use trial and error, but that would take a lot of time. A smarter way is to disassemble the machine code to discover what the check_pin function is doing. One way to disassemble this function is to use gdb. The disassemble command does exactly what we want. If you provide a function name to the disassemble command, you can disassemble a single function as shown below. (Do the following on the MIPS computer.)

From this code, can you decipher what is going on? We know that if this function returns 0, the pin was incorrect (a non-zero integer value is true, otherwise false). When does it return a non-zero value?

The return value of this function is in v0, and we see that the instruction sltiu at 0x004007b8 (in the branch delay slot!) will set or clear v0 depending on the value of v0 set by the previous xori instruction. In this case, we need the result of the xori to be an unsigned value less than 1 (that is, exactly 0). The inputs of xori are the immediate value 0x4d2 and the user input in a0. After some thinking you should be able to convince yourself that the way to get a 0 out of xor is to xor a number with itself. So in this case, 0x4d2 xor 0x4d2 == 0. Now we know that our program is looking for the pin 0x4d2! The last detail is that our program reads the input in base-10 (scanf("%d"…)), so convert 0x4d2 into base-10 and enter that as your input to the mini_bomb executable! You should get SUCCESS!
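The reasoning above can be checked off-target with a small C model of the two instructions. This is an added example, not code from the lab files; the names mips_xori, mips_sltiu, check_pin_model and pin_from_disassembly are hypothetical, and the model covers only the xori/sltiu pair described above, not the rest of the function.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* xori rt, rs, imm: the 16-bit immediate is ZERO-extended before the XOR,
 * so the upper 16 bits of rs pass through unchanged. */
static uint32_t mips_xori(uint32_t rs, uint16_t imm) {
    return rs ^ (uint32_t)imm;
}

/* sltiu rt, rs, imm: the immediate is SIGN-extended, then compared as unsigned.
 * With imm = 1 the result is 1 only when rs is exactly 0. */
static uint32_t mips_sltiu(uint32_t rs, int16_t imm) {
    return rs < (uint32_t)(int32_t)imm ? 1u : 0u;
}

/* Model of the instruction pair: a0 holds the user input, v0 the return value. */
uint32_t check_pin_model(int32_t a0) {
    uint32_t v0 = mips_xori((uint32_t)a0, 0x4d2); /* v0 = a0 ^ 0x4d2 */
    v0 = mips_sltiu(v0, 1);                       /* v0 = (v0 == 0)  */
    return v0;
}

/* x ^ imm == 0 only when x == imm, so the accepted input is the immediate
 * itself. Parse it exactly as it appears in the disassembly (hex text). */
int32_t pin_from_disassembly(const char *hex_imm) {
    return (int32_t)strtol(hex_imm, NULL, 16);
}

int main(void) {
    int32_t pin = pin_from_disassembly("0x4d2");
    /* Print the base-10 form, since the program reads input with %d. */
    printf("decimal input for scanf: %d\n", pin);
    printf("model(pin)     = %u\n", check_pin_model(pin));
    printf("model(pin + 1) = %u\n", check_pin_model(pin + 1));
    /* Negative input: upper bits are set, xori cannot clear them, so v0 = 0. */
    printf("model(-pin)    = %u\n", check_pin_model(-pin));
    return 0;
}
```

The same two helpers can be reused when working out other instruction sequences by hand: write each instruction as one line of C and evaluate the model on candidate inputs instead of running the real binary.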


Create the file prelab.txt in your Lab12 folder. Use the procedure described above to discover the pin numbers used in the following mini_bombs. In the prelab.txt file, describe your solution and the reasoning for each of the two mini-bombs. The C program mini_bomb.c remains the same, but we made check_pin a little more interesting. Note: these are compiled for MIPS, so you have to execute them and run gdb on the MIPS machine! In addition, if you are not sure of the meaning of any MIPS instruction, look it up on the internet.


Submit the prelab.txt to your git repo.

Grading Rubric

30 points total: 15 points for each correct description of the solution to a mini_bomb.

