CompOrg Fall 2004 Homework #2 FAQ


Homework #2 FAQ

Question:

I finally understand what is going on, but I don't think I can finish by Sunday. Can I have some extra time?

Answer: Yes. The due date has been pushed back to Tuesday night at 11:59PM.

   
Question:

I can't run my bomb - I get "permission denied". I get the same thing when I try to use gdb on the bomb. What's wrong?

Answer: You need to make sure the bomb file has execute permissions turned on. Try this:

chmod +x bomb
   
Question:

I can see how to get to the secret phase, but it doesn't seem possible to enter the string it expects. Am I missing something?

Answer:

A number of bombs were built with faulty secret phase code, and yours may be one of them. Check the HW2 status page and see if you need to get a fixed bomb.

The fixed bomb includes changes only to the secret phase; all the other phases are identical to the original bomb (you don't need to start all over, everything you've done will still work fine). The addresses of some things will likely change a little (so don't rely on old printouts).

Note that the only known problem is with some bombs and the secret phase; there is no problem with any of the other phases. If the status page does not include a link labeled "IMPORTANT" for your bomb, there is no secret phase problem.

   
Question:

How do I look at %al or %bl in gdb?

Answer:

al is the rightmost (least significant) 8 bits of eax, and ah is the next most significant byte of eax. If print $eax shows 0x11223344, you know that al is 0x44 and ah is 0x33.

   
Question:

What does jmp *%edx mean?

Answer:

Any jmp where the destination address starts with "*" is an indirect jump. The operand indicates what holds the address to jump to. If %edx holds 0x80556677, the instruction jmp *%edx will jump to location 0x80556677.

   
Question:

What does repnz scas mean?

Answer:

This is a complex instruction supported by IA32 that deals with strings (sequences of bytes). In the case of scas, it scans a string looking for whatever is in %al (probably zero). Here is a link with more information about this (and a bunch of other IA32 string instructions): http://docs.sun.com/db/doc/806-3773/6jct9o0aq?a=view
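
The scan described in the answer above, as an added example that is not part of the original FAQ: a C emulation of the byte form, repnz scasb, with the direction flag clear. The struct and function names are hypothetical, and the string-length idiom is a common use of the instruction, not code taken from any bomb.

```c
#include <stdint.h>
#include <stdio.h>

/* Register state used by repnz scasb (field names mirror the IA32 registers). */
struct regs {
    uint8_t  al;        /* byte being searched for */
    uint32_t ecx;       /* remaining repeat count */
    const uint8_t *edi; /* current scan position */
    int zf;             /* zero flag: 1 if the last compare matched */
};

/* Emulate `repnz scasb` with the direction flag clear (edi moves upward). */
static void repnz_scasb(struct regs *r)
{
    while (r->ecx != 0) {
        r->zf = (*r->edi == r->al); /* scasb: compare %al with byte at (%edi) */
        r->edi++;                   /* scasb always advances %edi */
        r->ecx--;                   /* the rep prefix always decrements %ecx */
        if (r->zf)                  /* repnz: stop once a match sets ZF */
            break;
    }
}

/* String length: %al = 0, %ecx = -1, repnz scasb, then not %ecx ; dec %ecx. */
static uint32_t scas_strlen(const char *s)
{
    struct regs r = { .al = 0, .ecx = 0xFFFFFFFFu,
                      .edi = (const uint8_t *)s, .zf = 0 };
    repnz_scasb(&r);
    return ~r.ecx - 1;
}

/* Scan at most `limit` bytes for `needle`; offset of match, or -1 if %ecx ran out. */
static long scas_find(const char *buf, uint32_t limit, uint8_t needle)
{
    struct regs r = { .al = needle, .ecx = limit,
                      .edi = (const uint8_t *)buf, .zf = 0 };
    repnz_scasb(&r);
    return r.zf ? (long)(r.edi - (const uint8_t *)buf) - 1 : -1;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("%u\n", scas_strlen("hello"));
    printf("%ld\n", scas_find("abcdef", 6, 'd'));
    printf("%ld\n", scas_find("abcdef", 3, 'd'));
    return 0;
}
```

When reading this in gdb, note that %edi ends up one byte past the match, which is why the emulation subtracts 1 to get the offset.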