CS 3330: Lab 1 (Bomb Lab)

This page is for a prior offering of CS 3330. It is not up-to-date.

1 Introduction

A Mad Programmer got really mad and planted a slew of binary bombs on our class machines. A binary bomb is a program that consists of a sequence of phases. Each phase expects you to type a particular string on stdin. If you type the correct string, then the phase is defused and the bomb proceeds to the next phase. Otherwise, the bomb explodes by printing "BOOM!!!" and then terminating. The bomb is defused when every phase has been defused.

There are too many bombs for us to deal with, so we are giving each student a bomb to defuse. Your mission is to defuse your bomb before the due date. Good luck, and welcome to the bomb squad!

1.1 About grading

For full credit in lab, diffuse phase 1. A homework will follow in which you should diffuse phases 2 and 3. A small amount of extra credit will be awarded if you diffuse more phases than that.

If you defuse phase 1 in lab, feel free to start on the homework.

You can see your grade for this lab and homework are at the gradebook, with approximately a 1-hour delay.

1.2 About Collaboration

For phase 1, anything goes. Being a lab, you can work together as much as you want.

For phases 2 and beyond, it is homework so more restrictions apply. You are welcome to discuss with one another the process and tools you use, but please do not look at or describe one another’s code.

2 Step 0: Use Linux

This lab only works on 64-bit Linux machines. The lab machines qualify; see lab 0.0 if you need help accessing them remotely.

3 Step 1: Get Your Bomb

You can obtain your bomb by pointing your Web browser at:


This will display a binary bomb request form for you to fill in. Enter your computing ID and email address and hit the Submit button. The server will build your bomb and return it to your browser in a tar file called bombk.tar, where k is the unique number of your bomb.

Save the bombk.tar file to a (protected) directory in which you plan to do your work. Then give the command: tar -xvf bombk.tar. This will create a directory called ./bombk with the following files:

If for some reason you request multiple bombs, this is not a problem. Choose one bomb to work on and delete the rest.

3.1 Getting a bombs from ssh

If you are trying to do the lab without phyiscal access to the machine being used, try the following:

curl "http://archimedes.cs.virginia.edu:15213/?username=$USER&usermail=$USER@virginia.edu&submit=Submit" > bomb.tar
mv bomb.tar $(head -1 bomb.tar | cut -d'/' -f1).tar

Note, this might fail if the remote machine you run it on is not a lab machine because $USER might not be set correctly by other machines. Replace $USER with your computing ID if you are running this command e.g. in cloud9, koding, or codio.

4 Step 2: Defuse Your Bomb

Please look at the Getting Started and Hints sections for some tips and ideas. The best way is to use your favorite debugger to step through the disassembled binary. Almost no students succeed without using a debugger like gdb or lldb.

Your job for this lab is to defuse your bomb. Each has a few tamper-proofing elements. You can use many tools to help you defuse your bomb. Each time your bomb explodes it notifies the bomblab server. If you get to 20 explosions we’ll start removing points.

Although phases get progressively harder to defuse, the expertise you gain as you move from phase to phase should offset this difficulty. The last phase will challenge even the best students.

The bomb ignores blank input lines.

If you run your bomb with a command line argument, for example,

linux> ./bomb psol.txt

then it will read the input lines from psol.txt until it reaches EOF (end of file), and then switch over to stdin. This will keep you from having re-type solutions.

To avoid accidentally detonating the bomb, you will need to learn how to single-step through the assembly code and how to set breakpoints. You will also need to learn how to inspect both the registers and the memory states. THe experience reaching assembly will help you with the later parts of this course; the experience using a debugger will probably help you for the rest of your career.

5 Getting Started

6 Later Phases

Each phase uses a different code pattern. You’ll probably not only step through code and examine values but also inspect disassembled code if you want to understand all the phases.

The phases include at least the following:

7 Hints

There are many ways of defusing your bomb. You can examine it in great detail without ever running the program, and figure out exactly what it does. This is a useful technique, but it not always easy to do.

You can also run it under a debugger, watch what it does step by step, and use this information to defuse it. This is probably the fastest way of defusing it.

We do make one request, please do not use brute force! You could write a program that will try every possible key to find the right one. But this is no good for several reasons:

There are many tools which are designed to help you figure out both how programs work, and what is wrong when they don’t work. Here is a list of some of the tools you may find useful in analyzing your bomb, and hints on how to use them.


The GNU debugger, this is a command line debugger tool available on virtually every platform. See the Getting Started section for more.

objdump -t

This will print out the bomb’s symbol table. The symbol table includes the names of all functions and global variables in the bomb, the names of all the functions the bomb calls, and their addresses. You may learn something by looking at the function names!

objdump -d

Use this to disassemble all of the code in the bomb. You can also just look at individual functions. Reading the assembler code can tell you how the bomb works.

Although objdump -d gives you a lot of information, it doesn’t tell you the whole story. Calls to system-level functions are displayed in a cryptic form. For example, a call to sscanf might appear as:

8048c36:  e8 99 fc ff ff  call   80488d4 <.init+0x1a0> 

To determine that the call was to sscanf, you would need to disassemble within gdb.

If you prefer to get Intel syntax disassembly from objdump, you can use objdump -M intel -d.


This utility will display the printable strings in your bomb.

Looking for a particular tool? How about documentation? The commands apropos, man, and info are your friends. In particular, man ascii might come in useful. info gas will give you more than you ever wanted to know about the GNU Assembler. Also, the web has lots of information on it. If you get stumped, feel free to ask course staff for help.

8 Submission

There is no explicit submission. The bomb will notify your instructor automatically about your progress as you work on it. You can keep track of how you are doing by looking at the class scoreboard at:


This web page is updated every minute to show the progress for each bomb. It also shows a score based on how many phases are diffused and how many explosions you’ve had. This score is not how we grade your submission; your grade will be

Your computed score should appear in the gradebook with a roughly one-hour delay, assuming our servers are running properly.

Copyright © 2016–2017 by Samira Khan, Luther Tychonievich, and Charles Reiss.
Last updated 2017-01-31 21:39:50