from hackingscripts import util
from pwn import context, disasm
import re

if __name__ == "__main__":
    with open("bowser.elf", "rb") as f:
        elf = f.read()

    context.arch = "amd64"
    offset = 0x1332
    flag = b""

    for instr in disasm(elf[offset:], byte=False, offset=False).split("\n"):
        match = re.match(r"movabs\s+(rax|rdx),\s+0x([0-9a-f]+)", instr)
        if match:
            flag += util.xor(bytearray.fromhex(match[2])[::-1], 0xFF)
        else:
            match = re.match(r"mov\s+WORD PTR \[.*\],\s+0x([0-9a-f]+)", instr)
            if match:
                flag += util.xor(bytearray.fromhex(match[1])[::-1], 0xFF)
            elif re.match(r"call\s+.*", instr):
                break

    flag = flag.split(b"\x00")[1].decode()
    print("[+] Flag:", flag)