Binary Bomb for RPI's CSCI 4971
In the Spring 2010 semester, other RPISEC members and I hosted the course CSCI 4971 - Secure Software Principles. One of the lab assignments I developed was to reverse engineer and defuse a "binary bomb", strongly inspired by Dave Hollinger's CompOrg Binary Bomb Squad.
---------------------------------------- -- -- -- ---
[LCD-style countdown digits: HOURS  MINUTES  SECONDS]
+--------------------------------------- -- -- -- --+
|                                                   |
|    ,     DR. VON NOIZEMAN'S NUCLEAR BOMB     ,    |
|    /!\  AUTHORIZED ACCESS ONLY - KEEP OUT  /!\    |
|                                                   |
|    [1] YELLOW   [2] GREEN   [3] BLUE   [4] RED    |
|                                                   |
+---------------------------------------------------+
MENU SELECTION: 4
CLOCK SYNC 1F0CCE42
CLOCK SYNC 01B95EFB
CLOCK SYNC 310AB19F
ENTER CLOCK RESYNCHRONIZATION SEQUENCE:
Such assignments are now ubiquitous in undergraduate computer science courses as an engaging way for students to build fluency with debuggers and low-level program analysis. Our lab featured four challenges covering fundamentals like reading secrets from memory, triggering a trivial buffer overflow, traversing data structures, and bypassing anti-debugging checks. The CTF-like gamification turns each topic into a puzzle, and solving it develops key skills for a career in security research. (Or related pursuits: the red wire drew inspiration from cracking shareware-era software registration code schemes.)
The binaries were slightly parameterized so that each student received a personalized binary to discourage cheating. Most of these were detonated during the lab, and the sources were thought to have been destroyed. But one single unexploded binary survived on the CSCI 4971 course website.
I never expected the assignment to have much longevity—it features an LCD-style countdown hardcoded to the end of the lab period, for one thing. But it has made its way around the 'net, showing up in other courses such as Texas A&M's CSCE 451 – Software Reverse Engineering.
13 years later, I rediscovered the original source files and hosted them on GitHub for historical interest.