I am honestly very confused on this due to my bomb phase 3 not looking like any of my classmates or the example given to me by my professor. Any help would be greatly appreciated. I have a copy of my recent terminal for use and ill put the I have been trying my hand at this for the better part of 5 hours, I've gotten far enough to know that %d %d is the layout requested, and that its asking for 2 numbers with i believe one of them being negative. Due to the comparison statement and jg here

   0x08048fbb <+39>:    cmp    $0x1,%eax
   0x08048fbe <+42>:    jg     0x8048fc5 <phase_3+49>

Also that its calling for another comparison of the same value which i think is the first here

   0x08048fc5 <+49>:    cmpl   $0x7,-0xc(%ebp)
   0x08048fc9 <+53>:    ja     0x8049032 <phase_3+158>

What is throwing me off is all the add and subtract right off the bat and in general all the adding and subtracting that is crammed into the bottom.

Where would i find the values that actually work with these statements at the endor should i just add up the numbers i see. At this point i don't even know if its staring at me in the face. All the comparisons are as followed

   0x08048fbb <+39>:    cmp    $0x1,%eax

0x08048fbe <+42>: jg 0x8048fc5

 0x08048fc5 <+49>:    cmpl   $0x7,-0xc(%ebp)
   0x08048fc9 <+53>:    ja     0x8049032 <phase_3+158>

   0x0804903c <+168>:   cmpl   $0x5,-0xc(%ebp)
   0x08049040 <+172>:   jg     0x8049047 <phase_3+179>

But its all mush at the moment I need a new set of eyes on this problem. If its out there any help would be greatly appreciated.

That's number 2.  Keep going!
0 1

Breakpoint 1, 0x08048f9a in phase_3 ()
(gdb) disas
Dump of assembler code for function phase_3:
   0x08048f94 <+0>:     push   %ebp
   0x08048f95 <+1>:     mov    %esp,%ebp
   0x08048f97 <+3>:     sub    $0x28,%esp
=> 0x08048f9a <+6>:     lea    -0x10(%ebp),%eax
   0x08048f9d <+9>:     mov    %eax,0xc(%esp)
   0x08048fa1 <+13>:    lea    -0xc(%ebp),%eax
   0x08048fa4 <+16>:    mov    %eax,0x8(%esp)
   0x08048fa8 <+20>:    movl   $0x804a58c,0x4(%esp)
   0x08048fb0 <+28>:    mov    0x8(%ebp),%eax
   0x08048fb3 <+31>:    mov    %eax,(%esp)
   0x08048fb6 <+34>:    call   0x8048894 <__isoc99_sscanf@plt>
   0x08048fbb <+39>:    cmp    $0x1,%eax
   0x08048fbe <+42>:    jg     0x8048fc5 <phase_3+49>
   0x08048fc0 <+44>:    call   0x8049321 <explode_bomb>
   0x08048fc5 <+49>:    cmpl   $0x7,-0xc(%ebp)
   0x08048fc9 <+53>:    ja     0x8049032 <phase_3+158>
   0x08048fcb <+55>:    mov    -0xc(%ebp),%eax
   0x08048fce <+58>:    xchg   %ax,%ax
   0x08048fd0 <+60>:    jmp    *0x804a4c0(,%eax,4)
   0x08048fd7 <+67>:    mov    $0x0,%eax
   0x08048fdc <+72>:    lea    0x0(%esi,%eiz,1),%esi
   0x08048fe0 <+76>:    jmp    0x804902d <phase_3+153>
   0x08048fe2 <+78>:    mov    $0x0,%eax
   0x08048fe7 <+83>:    jmp    0x804902a <phase_3+150>
   0x08048fe9 <+85>:    mov    $0x0,%eax
   0x08048fee <+90>:    xchg   %ax,%ax
   0x08048ff0 <+92>:    jmp    0x8049027 <phase_3+147>
   0x08048ff2 <+94>:    mov    $0x0,%eax
   0x08048ff7 <+99>:    jmp    0x8049024 <phase_3+144>
   0x08048ff9 <+101>:   mov    $0x0,%eax
   0x08048ffe <+106>:   xchg   %ax,%ax
   0x08049000 <+108>:   jmp    0x8049021 <phase_3+141>
   0x08049002 <+110>:   mov    $0x0,%eax
   0x08049007 <+115>:   jmp    0x804901c <phase_3+136>
   0x08049009 <+117>:   mov    $0x30d,%eax
   0x0804900e <+122>:   xchg   %ax,%ax
   0x08049010 <+124>:   jmp    0x8049017 <phase_3+131>
   0x08049012 <+126>:   mov    $0x0,%eax
   0x08049017 <+131>:   sub    $0x264,%eax
   0x0804901c <+136>:   add    $0x3b8,%eax
   0x08049021 <+141>:   sub    $0x49,%eax
   0x08049024 <+144>:   add    $0x49,%eax
   0x08049027 <+147>:   sub    $0x49,%eax
   0x0804902a <+150>:   add    $0x49,%eax
   0x0804902d <+153>:   sub    $0x49,%eax
   0x08049030 <+156>:   jmp    0x804903c <phase_3+168>
   0x08049032 <+158>:   call   0x8049321 <explode_bomb>
   0x08049037 <+163>:   mov    $0x0,%eax
   0x0804903c <+168>:   cmpl   $0x5,-0xc(%ebp)
   0x08049040 <+172>:   jg     0x8049047 <phase_3+179>
   0x08049042 <+174>:   cmp    -0x10(%ebp),%eax
   0x08049045 <+177>:   je     0x804904c <phase_3+184>
   0x08049047 <+179>:   call   0x8049321 <explode_bomb>
   0x0804904c <+184>:   leave
   0x0804904d <+185>:   lea    0x0(%esi),%esi
   0x08049050 <+188>:   ret
End of assembler dump.
(gdb)

The first comparison you have mentioned (the one at +39) is comparing %eax which holds the return value from sscanf. As such it's just testing how many arguments could be converted. This code requires 2, thus that code is doing if (sscanf() > 1) goto ok; explode_bomb();

The comparison at +49 is checking the first number, it does if ((unsigned)x > 7) explode_bomb(); I hope that's obvious.

Next, at +60, you have the single most important instruction in this piece of code: jmp *0x804a4c0(,%eax,4). That is a jump through a jump table. It will take you to different locations depending on the value in %eax, which at that point is holding your first input. We know the input is between 0 and 7 so you have 8 entries in that table. You should be able to examine them with x/8a 0x804a4c0. It's a fair guess that they are various addresses in the following code block and the flow rejoins at +163. This pattern is commonly used by compilers to implement a switch statement.

Line +168 further restricts the first number to between 0 and 5, and line +174 compares the second number to the current value of %eax and explodes the bomb on mismatch. What this tells us is that the valid inputs form 6 pairs. We can pick an arbitrary first number, follow through the jump table and see what value will be placed in %eax and input that as second number.