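#!/usr/bin/env python3
"""Decode the two stored password blobs using the table in ENCTABLE.BIN.

Each stored byte is the 256-entry "sum table" value at index
``(plaintext_byte + position) & 0xff``. The sum table is the byte-wise sum
(mod 256) of the four 0x100-byte planes at the start of ENCTABLE.BIN.
Decoding needs only that static table and no secret key, so the stored
bytes are obfuscated rather than hashed. Anyone holding the table can
recover them.
"""
# Only possible after dumping GRLTS02 monitor...
# See brute_GRLTS02.sh/timepwn_GRLTS02.py for the initial entry

# Encoded password bytes (presumably one per account name -- confirm against
# the dump they were taken from).
pass_arwen = [
    0xc6, 0x44, 0x99, 0xe3, 0xe9, 0x19, 0x0d, 0x07, 0x0d, 0x12, 0x79,
]

pass_shadow = [
    0xe9, 0x22, 0xd8, 0x7c, 0x3c, 0x07, 0x54, 0x2d, 0x5e, 0x53, 0x6a, 0xff,
    0x80, 0x5e, 0xcd, 0xc8, 0xcf, 0xff, 0x44, 0x74, 0xc8, 0xd8, 0x4b,
]

ENCTABLE_PATH = "../GRLTS02/ENCTABLE.BIN"
TABLE_SIZE = 0x100  # entries per plane and in the resulting sum table
PLANE_COUNT = 4     # planes at offsets 0x000, 0x100, 0x200, 0x300

# Plaintext alphabet tried for every position, in this order. The first
# character that matches wins, so the order matters when the table has
# duplicate values.
chars = b"{}*02357@BFLOSTXY_degilnps"

# Filled in by main() when run as a script. decode() reads it by default.
sumtable = []


def build_sumtable(enctable):
    """Return the 256-entry sum table derived from the raw table bytes.

    Entry ``x`` is the sum, reduced mod 256, of ``enctable[x + 0x100 * k]``
    for ``k`` in 0..3.

    Raises:
        ValueError: if ``enctable`` holds fewer than 0x400 bytes. A truncated
            dump would otherwise fail with a bare IndexError.
    """
    needed = TABLE_SIZE * PLANE_COUNT
    if len(enctable) < needed:
        raise ValueError(
            f"encoding table too short: {len(enctable)} bytes, need {needed}"
        )
    return [
        sum(enctable[x + TABLE_SIZE * k] for k in range(PLANE_COUNT)) & 0xff
        for x in range(TABLE_SIZE)
    ]


def decode(pwd, table=None):
    """Map encoded bytes back to characters of ``chars``.

    Args:
        pwd: iterable of encoded byte values.
        table: 256-entry sum table. Defaults to the module-level ``sumtable``.

    Returns:
        bytearray of recovered characters. A byte that matches no character
        in ``chars`` is skipped, so the result can be shorter than ``pwd``.

    Raises:
        ValueError: if the table does not have exactly 0x100 entries, for
            example because ``sumtable`` has not been loaded yet.
    """
    if table is None:
        table = sumtable
    if len(table) != TABLE_SIZE:
        raise ValueError(
            f"sum table must have {TABLE_SIZE} entries, got {len(table)}"
        )

    dec = bytearray()
    for i, x in enumerate(pwd):
        # Exploratory variant kept from the original: list every printable
        # candidate for this position instead of restricting to `chars`.
        # candidates = ""
        # for ni, y in enumerate(sumtable):
        #     if x == y:
        #         c = (ni - i) & 0xff
        #         if c < 0x20 or c >= 0x80:
        #             continue
        #         candidates += chr(c)
        # print(candidates)
        for y in chars:
            if table[(y + i) & 0xff] == x:
                dec.append(y)
                break
    return dec


def main():
    """Load ENCTABLE.BIN, build the sum table and print both passwords."""
    # Context manager so the handle is closed even if the read fails.
    with open(ENCTABLE_PATH, "rb") as fh:
        enctable = fh.read()
    sumtable[:] = build_sumtable(enctable)

    print(decode(pass_arwen).decode())
    print(decode(pass_shadow).decode())


if __name__ == "__main__":
    main()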