from pwn import *

# context.log_level = "debug"

p = process("../../target/x86_64-unknown-linux-musl/debug/p13")
p.recvuntil(b"> ")  # 等待提示符


p.sendline(b"1")
p.recvuntil(b"email: ")
p.sendline(b"foo@bar.com12")
cipher = p.recvline().strip()
print(f"Cipher: {cipher}")

role_cipher = cipher[32:64]

p.sendline(b"1")
p.recvuntil(b"email: ")
p.sendline(b"foo@bar.co" + b"admin" + b"\x0b" * 11)
cipher = p.recvline().strip()
# admin_cipher = cipher[32:64]
print(f"Cipher: {cipher}")

cracked_cipher = cipher[0:32] + role_cipher + cipher[32:]

p.recvuntil(b"> ")
p.sendline(b"2")
p.recvuntil(b"cipher: ")
p.sendline(cracked_cipher)

profile = p.recvline().strip()
print(f"Profile: {profile}")

json = p.recvline().strip()
print(f"Json: {json}")

if b"Cracked!" in json:
    print("Success!")


p.recvuntil(b"> ")
# p.interactive()