sudhackar/analyze_decrypt.py

## analyze_decrypt.py
import ctypes
import struct

s = set()
t = set()
for x in range(2**16):
    y = (((x & 0xFFC) << 16) - 0x14C437BE) ^ ((x & 0xF0) << 8) | ((x & 0xFFC) << 8) |  ((x >> 8) << 24) |  x & 0xFC
    y = ctypes.c_uint32(y).value
    # print hex(x), hex(y)
    if not y in s:
        t.add(x)
    s.add(y)

print len(s), len(t)
# u = set([0xeb3bc842 ,0xfb3bc842 ,0xeb3fcc46 ,0xeb43c84a ,0xffefecee ,0xeb47cc4e ,0xeb4bd852 ,0xfd9bd85a ,0xeb4fdc56 ,0xeb53d85a ,0xfb3fcc46 ,0xeb57dc5e ,0xeb5be862 ,0xffebf8f2 ,0xeb5fec66 ,0xeb63e86a ,0xfd9fdc5e ,0xeb67ec6e ,0xff37fcfe ,0xeb6bf872 ,0xfb4bc84a ,0xeb6ffc76 ,0xeb73f87a ,0xffeffcf6 ,0xeb77fc7e ,0xeb7bc842 ,0xfd9be862 ,0xfddfd8da ,0xffa7e86a ,0xeb7fcc46 ,0xfe27ecee ,0xeb83c84a ,0xfb4fcc4e ,0xffe3e8ea ,0xeb87cc4e ,0xfd4fd852 ,0xeb8bd852 ,0xfffbf8fa ,0xeb8fdc56 ,0xeb93d85a ,0xfd9fec66 ,0xffcfc8ca ,0xeb97dc5e ,0xeb9be862 ,0xfb4bd852 ,0xfdd3d8da ,0xeb9fec66 ,0xff3fc842 ,0xeba3e86a ,0xfffffcfe ,0xeba7ec6e ,0xebabf872 ,0xfdabe86a ,0xebaffc76 ,0xebb3f87a ,0xfb4fdc56 ,0xfbc3c8ca ,0xebb7fc7e ,0xebbbc8c2 ,0xfffbc8c2 ,0xebbfccc6 ,0xebc3c8ca ,0xfdafec6e ,0xebc7ccce ,0xebcbd8d2 ,0xfb5bd85a ,0xebcfdcd6 ,0xebd3d8da ,0xffffccc6 ,0xffc7c8ca ,0xebd7dcde ,0xfe2ff8f2 ,0xebdbe8e2 ,0xfdabf872 ,0xebdfece6 ,0xebe3e8ea ,0xfb5fdc5e ,0xebe7ecee ,0xfdbff87a ,0xebebf8f2 ,0xfe0bc8ca ,0xebeffcf6 ,0xfd1fe8e2 ,0xebf3f8fa ,0xfdaffc76 ,0xebf7fcfe ,0xfd0fc8ca ,0xebfbc8c2 ,0xfb5be862 ,0xffe7ecee ,0xebffccc6 ,0xec03c8ca ,0xfe0fccce ,0xec07ccce ,0xec0bd8d2 ,0xfdbbf87a ,0xec0fdcd6 ,0xec13d8da ,0xfb5fec66 ,0xfdd7dcde ,0xec17dcde ,0xec1be8e2 ,0xfe0bd8d2 ,0xec1fece6 ,0xec23e8ea ,0xfdbffc7e ,0xec27ecee ,0xec2bf8f2 ,0xfb6be86a ,0xfbc7ccce ,0xec2ffcf6 ,0xec33f8fa ,0xfe0fdcd6 ,0xec37fcfe ,0xed3bc842 ,0xfdbbc8c2 ,0xed3fcc46 ,0xed43c84a ,0xfb6fec6e ,0xed47cc4e ,0xed4bd852 ,0xfe1bd8da ,0xed4fdc56 ,0xfd17dcde ,0xed53d85a ,0xfdbfccc6 ,0xed57dc5e ,0xed5be862 ,0xfb6bf872 ,0xed5fec66 ,0xed63e86a ,0xfe1fdcde ,0xed67ec6e ,0xff83c84a ,0xed6bf872 ,0xfdcbc8ca ,0xfddfe8e2 ,0xed6ffc76 ,0xfc1fd8da ,0xed73f87a ,0xfb6ffc76 ,0xed77fc7e ,0xfd5fd85a ,0xed7bc842 ,0xfe1be8e2 ,0xed7fcc46 ,0xff63e86a ,0xed83c84a ,0xfdcfccce ,0xffcfd8d2 ,0xed87cc4e ,0xed8bd852 ,0xfb7bf87a ,0xed8fdc56 ,0xff4fc84a ,0xed93d85a ,0xfe1fece6 ,0xed97dc5e ,0xfd53d85a ,0xed9be862 ,0xfdcbd8d2 ,0xed9fec66 ,0xeda3e86a ,0xfb7ffc7e ,0xeda7ec6e ,0xedabf872 ,0xfe2be8ea ,0xedaffc76 ,0xfb43c84a ,0xedb3f87a ,0xfdcfdcd6 ,0xedb7fc7e ,0xedbbc8c2 ,0xfb7bc842 ,0xedbfccc6 ,0xedc3c8ca ,0xfe2fecee ,0xedc7ccce ,0xfe3ff8fa ,0xedcbd8d2 ,0xfddbd8da ,0xedcfdcd6 ,0xff47c84a ,0xedd3d8da ,0xfb7fcc46 ,0xff87cc4e ,0xedd7dcde ,0xeddbe8e2 ,0xfe2bf8f2 ,0xffb7f87a ,0xeddfece6 ,0xfd2fe8ea ,0xffffc8c2 ,0xede3e8ea ,0xfddfdcde ,0xede7ecee ,0xfe33f8fa ,0xedebf8f2 ,0xfb8bc84a ,0xfd97dc5e ,0xedeffcf6 ,0xedf3f8fa ,0xfe2ffcf6 ,0xedf7fcfe ,0xff0fd8d2 ,0xff67ec6e ,0xedfbc8c2 ,0xfddbe8e2 ,0xedffccc6 ,0xfd23e8ea ,0xed03c8ca ,0xfb8fcc4e ,0xed07ccce ,0xfdafe86a ,0xed0bd8d2 ,0xfe3bf8fa ,0xed0fdcd6 ,0xfd57dc5e ,0xed13d8da ,0xfddfece6 ,0xed17dcde ,0xed1be8e2 ,0xfb8bd852 ,0xed1fece6 ,0xffbff87a ,0xed23e8ea ,0xfe3ffcfe ,0xed27ecee ,0xfb47cc4e ,0xed2bf8f2 ,0xfdebe8ea ,0xed2ffcf6 ,0xed33f8fa ,0xfb8fdc56 ,0xed37fcfe ,0xef3bc842 ,0xef3fcc46 ,0xef43c84a ,0xfdefecee ,0xef47cc4e ,0xef4bd852 ,0xfb9bd85a ,0xef4fdc56 ,0xef53d85a ,0xef57dc5e ,0xef5be862 ,0xfdebf8f2 ,0xfdefe8ea ,0xef5fec66 ,0xfe37fcfe ,0xef63e86a ,0xfb9fdc5e ,0xfff3f8fa ,0xef67ec6e ,0xfd5fe862 ,0xef6bf872 ,0xef6ffc76 ,0xfd07ccce ,0xef73f87a ,0xfdeffcf6 ,0xffdfd8da ,0xef77fc7e ,0xfd27ecee ,0xef7bc842 ,0xfb9be862 ,0xfde3e8ea ,0xef7fcc46 ,0xff4fd852 ,0xef83c84a ,0xfc07ccce ,0xef87cc4e ,0xfc17dcde ,0xef8bd852 ,0xfdfbf8fa ,0xef8fdc56 ,0xef93d85a ,0xfb9fec66 ,0xfbd3d8da ,0xef97dc5e ,0xfd9fe862 ,0xef9be862 ,0xef9fec66 ,0xefa3e86a ,0xfdfffcfe ,0xefa7ec6e ,0xefabf872 ,0xfbabe86a ,0xefaffc76 ,0xefb3f87a ,0xffd7d8da ,0xefb7fc7e ,0xefbbc8c2 ,0xfdfbc8c2 ,0xefbfccc6 ,0xefc3c8ca ,0xfbafec6e ,0xefc7ccce ,0xff93d85a ,0xefcbd8d2 ,0xefcfdcd6 ,0xfd2ff8f2 ,0xefd3d8da ,0xfdffccc6 ,0xefd7dcde ,0xefdbe8e2 ,0xfbabf872 ,0xfff7fcfe ,0xefdfece6 ,0xefe3e8ea ,0xffb3f87a ,0xefe7ecee ,0xfc1fe8e2 ,0xefebf8f2 ,0xfd0bc8ca ,0xefeffcf6 ,0xeff3f8fa ,0xfbaffc76 ,0xfde7ecee ,0xeff7fcfe ,0xeffbc8c2 ,0xfda3e86a ,0xefffccc6 ,0xee03c8ca ,0xfd0fccce ,0xee07ccce ,0xee0bd8d2 ,0xfbbbf87a ,0xfbd7dcde ,0xee0fdcd6 ,0xee13d8da ,0xee17dcde ,0xee1be8e2 ,0xfd0bd8d2 ,0xee1fece6 ,0xee23e8ea ,0xfbbffc7e ,0xee27ecee ,0xee2bf8f2 ,0xee2ffcf6 ,0xee33f8fa ,0xfd0fdcd6 ,0xee37fcfe ,0xfbbbc8c2 ,0xffafe86a ,0xfd1bd8da ,0xfdeff8f2 ,0xfbbfccc6 ,0xfd6fe86a ,0xffb7fc7e ,0xff73f87a ,0xff1fd8da ,0xfd1fdcde ,0xffdfe8e2 ,0xfbcbc8ca ,0xff5fd85a ,0xfda7ec6e ,0xfd63e86a ,0xfd1be8e2 ,0xfbcfccce ,0xfb97dc5e ,0xfb53d85a ,0xfd1fece6 ,0xfbb7fc7e ,0xfbcbd8d2 ,0xfd2be8ea ,0xff57d85a ,0xfbcfdcd6 ,0xfd3ff8fa ,0xfd2fecee ,0xfdffc8c2 ,0xfbdbd8da ,0xff9fe862 ,0xfc2fe8ea ,0xff77fc7e ,0xfe0fc8ca ,0xfd2bf8f2 ,0xfd33f8fa ,0xfbdfdcde ,0xffaff872 ,0xfd67ec6e ,0xfd2ffcf6 ,0xfc23e8ea ,0xfbdbe8e2 ,0xfd9fd85a ,0xef03c8ca ,0xff13d8da ,0xef07ccce ,0xfb57dc5e ,0xef0bd8d2 ,0xfd3bf8fa ,0xef0fdcd6 ,0xef13d8da ,0xfbdfece6 ,0xef17dcde ,0xef1be8e2 ,0xef1fece6 ,0xef23e8ea ,0xfd3ffcfe ,0xef27ecee ,0xef2bf8f2 ,0xfbebe8ea ,0xffa3e86a ,0xef2ffcf6 ,0xfd8fc84a ,0xef33f8fa ,0xef37fcfe ,0xef3fc842 ,0xff3bc842 ,0xfdfff8fa ,0xfc0fd8d2 ,0xef47c84a ,0xfbefecee ,0xfe03c8ca ,0xff9fd85a ,0xff03c8ca ,0xfd6ff872 ,0xef4fd852 ,0xef57d85a ,0xff3fcc46 ,0xffefe8ea ,0xfd37fcfe ,0xef5fe862 ,0xfbebf8f2 ,0xfdf3f8fa ,0xfe13d8da ,0xff5fe862 ,0xef67e86a ,0xef6ff872 ,0xff4bc84a ,0xfc27ecee ,0xef77f87a ,0xfbeffcf6 ,0xfbe3e8ea ,0xff8fc84a ,0xef7fc842 ,0xef87c84a ,0xff4fcc4e ,0xef8fd852 ,0xfbfbf8fa ,0xef97d85a ,0xffe7e8ea ,0xef9fe862 ,0xff4bd852 ,0xfd93d85a ,0xefa7e86a ,0xfbfffcfe ,0xff17dcde ,0xefaff872 ,0xefb7f87a ,0xefbfc8c2 ,0xfbfbc8c2 ,0xfe07ccce ,0xfd7fc842 ,0xefc7c8ca ,0xffc3c8ca ,0xfc2ff8f2 ,0xff0fc8ca ,0xefcfd8d2 ,0xff5bd85a ,0xefd7d8da ,0xfbffccc6 ,0xfdf7fcfe ,0xff8fd852 ,0xefdfe8e2 ,0xfdb3f87a ,0xefe7e8ea ,0xff5fdc5e ,0xefeff8f2 ,0xfc0bc8ca ,0xfbe7ecee ,0xeff7f8fa ,0xfba3e86a ,0xefffc8c2 ,0xff5be862 ,0xff1fe8e2 ,0xf407c8ca ,0xfc0fccce ,0xf407ccce ,0xf40fd8d2 ,0xf40fdcd6 ,0xf417d8da ,0xff5fec66 ,0xf417dcde ,0xfb83c84a ,0xf41fe8e2 ,0xfc0bd8d2 ,0xf41fece6 ,0xf427e8ea ,0xf427ecee ,0xf42ff8f2 ,0xff6be86a ,0xf42ffcf6 ,0xf437f8fa ,0xfc0fdcd6 ,0xf437fcfe ,0xfd7ff87a ,0xf53fc842 ,0xffc7ccce ,0xf53fcc46 ,0xfe1fd8da ,0xf547c84a ,0xff6fec6e ,0xffeff8f2 ,0xf547cc4e ,0xf54fd852 ,0xfc1bd8da ,0xf54fdc56 ,0xff6fe86a ,0xf557d85a ,0xfdb7fc7e ,0xf557dc5e ,0xfd73f87a ,0xf55fe862 ,0xff6bf872 ,0xf55fec66 ,0xf567e86a ,0xfc1fdcde ,0xf567ec6e ,0xf56ff872 ,0xfba7ec6e ,0xf56ffc76 ,0xfb63e86a ,0xf577f87a ,0xff6ffc76 ,0xf577fc7e ,0xf57fc842 ,0xfc1be8e2 ,0xf57fcc46 ,0xf587c84a ,0xf587cc4e ,0xf58fd852 ,0xff7bf87a ,0xf58fdc56 ,0xff67e86a ,0xf597d85a ,0xfc1fece6 ,0xf597dc5e ,0xfd13d8da ,0xf59fe862 ,0xf59fec66 ,0xf5a7e86a ,0xff7ffc7e ,0xf5a7ec6e ,0xf5aff872 ,0xfc2be8ea ,0xfdbfc8c2 ,0xf5affc76 ,0xf5b7f87a ,0xf5b7fc7e ,0xfc3ff8fa ,0xff87c84a ,0xf5bfc8c2 ,0xff7bc842 ,0xf5bfccc6 ,0xff43c84a ,0xf5c7c8ca ,0xfc2fecee ,0xf5c7ccce ,0xf5cfd8d2 ,0xf5cfdcd6 ,0xfd77fc7e ,0xf5d7d8da ,0xff7fcc46 ,0xf5d7dcde ,0xfc33f8fa ,0xf5dfe8e2 ,0xfc2bf8f2 ,0xf5dfece6 ,0xf5e7e8ea ,0xf5e7ecee ,0xfb67ec6e ,0xf5eff8f2 ,0xff8bc84a ,0xf5effcf6 ,0xff2fe8ea ,0xf5f7f8fa ,0xfc2ffcf6 ,0xf5f7fcfe ,0xf5ffc8c2 ,0xf5ffccc6 ,0xf507c8ca ,0xff8fcc4e ,0xf507ccce ,0xf50fd8d2 ,0xfc3bf8fa ,0xf50fdcd6 ,0xff23e8ea ,0xf517d8da ,0xf517dcde ,0xf51fe8e2 ,0xff8bd852 ,0xf51fece6 ,0xf527e8ea ,0xfc3ffcfe ,0xf527ecee ,0xfd0fd8d2 ,0xf52ff8f2 ,0xf52ffcf6 ,0xf537f8fa ,0xff8fdc56 ,0xfffff8fa ,0xf537fcfe ,0xff47cc4e ,0xf73fc842 ,0xfd3bc842 ,0xf73fcc46 ,0xff6ff872 ,0xf747c84a ,0xf747cc4e ,0xf74fd852 ,0xff9bd85a ,0xf74fdc56 ,0xfc37fcfe ,0xf757d85a ,0xfd3fcc46 ,0xfbf3f8fa ,0xf757dc5e ,0xf75fe862 ,0xf75fec66 ,0xf767e86a ,0xff9fdc5e ,0xf767ec6e ,0xf76ff872 ,0xfd4bc84a ,0xf76ffc76 ,0xfdaff872 ,0xf777f87a ,0xfff7f8fa ,0xf777fc7e ,0xfb93d85a ,0xf77fc842 ,0xff9be862 ,0xf77fcc46 ,0xf787c84a ,0xfd4fcc4e ,0xffa7ec6e ,0xf787cc4e ,0xff27ecee ,0xf78fd852 ,0xf78fdc56 ,0xf797d85a ,0xff9fec66 ,0xf797dc5e ,0xf79fe862 ,0xfd4bd852 ,0xfdcfc8ca ,0xf79fec66 ,0xf7a7e86a ,0xffd3d8da ,0xf7a7ec6e ,0xfd3fc842 ,0xf7aff872 ,0xffabe86a ,0xf7affc76 ,0xf7b7f87a ,0xfd4fdc56 ,0xf7b7fc7e ,0xfd03c8ca ,0xf7bfc8c2 ,0xfdc3c8ca ,0xf7bfccc6 ,0xf7c7c8ca ,0xffafec6e ,0xf7c7ccce ,0xf7cfd8d2 ,0xfd5bd85a ,0xfbf7fcfe ,0xf7cfdcd6 ,0xfc13d8da ,0xf7d7d8da ,0xfbb3f87a ,0xf7d7dcde ,0xf7dfe8e2 ,0xffabf872 ,0xf7dfece6 ,0xff2ff8f2 ,0xf7e7e8ea ,0xfd5fdc5e ,0xf7e7ecee ,0xf7eff8f2 ,0xff0bc8ca ,0xf7effcf6 ,0xf7f7f8fa ,0xffaffc76 ,0xf7f7fcfe ,0xfe1fe8e2 ,0xf7ffc8c2 ,0xfd5be862 ,0xf7ffccc6 ,0xf607c8ca ,0xff0fccce ,0xf607ccce ,0xf60fd8d2 ,0xffbbf87a ,0xf60fdcd6 ,0xf617d8da ,0xfd5fec66 ,0xf617dcde ,0xff97d85a ,0xf61fe8e2 ,0xff0bd8d2 ,0xffd7dcde ,0xf61fece6 ,0xf627e8ea ,0xffbffc7e ,0xf627ecee ,0xf62ff8f2 ,0xfd6be86a ,0xf62ffcf6 ,0xff7ff87a ,0xf637f8fa ,0xff0fdcd6 ,0xfdc7ccce ,0xf637fcfe ,0xfd83c84a ,0xffbbc8c2 ,0xfd6fec6e ,0xff1bd8da ,0xfd8fd852 ,0xfb73f87a ,0xffbfccc6 ,0xfd6bf872 ,0xff1fdcde ,0xffcbc8ca ,0xfb87cc4e ,0xff77f87a ,0xfd6ffc76 ,0xff1be8e2 ,0xffcfccce ,0xfc0fc8ca ,0xfd7bf87a ,0xfdcfd8d2 ,0xfe17dcde ,0xff1fece6 ,0xfd4fc84a ,0xff97dc5e ,0xffcbd8d2 ,0xff53d85a ,0xfd7ffc7e ,0xffbfc8c2 ,0xff2be8ea ,0xfd87cc4e ,0xffcfdcd6 ,0xfd43c84a ,0xfd7bc842 ,0xff2fecee ,0xff7fc842 ,0xfb77fc7e ,0xffdbd8da ,0xff3ff8fa ,0xfd7fcc46 ,0xff2bf8f2 ,0xffdfdcde ,0xfe2fe8ea ,0xfd8bc84a ,0xff33f8fa ,0xfc03c8ca ,0xff2ffcf6 ,0xffdbe8e2 ,0xfd1fd8da ,0xff07ccce ,0xf707c8ca ,0xfd8fcc4e ,0xf707ccce ,0xfe23e8ea ,0xf70fd8d2 ,0xff3bf8fa ,0xf70fdcd6 ,0xfe0fd8d2 ,0xf717d8da ,0xffdfece6 ,0xf717dcde ,0xff57dc5e ,0xf71fe8e2 ,0xfd8bd852 ,0xf71fece6 ,0xf727e8ea ,0xff3ffcfe ,0xf727ecee ,0xf72ff8f2 ,0xffebe8ea ,0xf72ffcf6 ,0xfd47cc4e ,0xf737f8fa ,0xfd8fdc56 ,0xf737fcfe ])

# f = open("out").read()
# def xor(a,b):
#     return "".join(map(chr,([ord(a[i%4])^ord(b[i]) for i in xrange(len(b))])))

# for i in s:
#     open(hex(i),"w").write(xor(struct.pack("<I",i),f))


import subprocess
for i in t:
    print i, hex(ctypes.c_uint32((((i & 0xFFC) << 16) - 0x14C437BE) ^ ((i & 0xF0) << 8) | ((i & 0xFFC) << 8) |  ((i >> 8) << 24) |  i & 0xFC).value)
    d = subprocess.Popen("gdb -ex 'py rax = " + str(i) + "' -x ./gg.py ", shell=True, stdout=subprocess.PIPE).stdout.read().strip()
    print ":::::",i,d

## gg.py
import gdb

class MyBreakpoint(gdb.Breakpoint):
    def stop (self):
        return True

gdb.execute('file ./OS.BIN')
gdb.execute("set environment LD_PRELOAD /home/sudhakar/tools/preeny/x86_64-linux-gnu/desleep.so")
MyBreakpoint("*0x400a62")
gdb.execute("run")
gdb.execute('set $rax=0x%x' % rax)
gdb.execute("continue")
gdb.execute('quit')

## solve.py
t = set([0xa14 ,0xa15 ,0xa16 ,0xa17 ,0xb14 ,0xb15 ,0xb16 ,0xb17 ,0xc14 ,0xc15 ,0xc16 ,0xc17 ,0xe14 ,0xe15 ,0xe16 ,0xe17 ,0xf14 ,0xf15 ,0xf16 ,0xf17 ,0x1214 ,0x1215 ,0x1216 ,0x1217 ,0x1314 ,0x1315 ,0x1316 ,0x1317 ,0x1414 ,0x1415 ,0x1416 ,0x1417 ,0x1a14 ,0x1a15 ,0x1a16 ,0x1a17 ,0x1b14 ,0x1b15 ,0x1b16 ,0x1b17 ,0x1c14 ,0x1c15 ,0x1c16 ,0x1c17 ,0x1e14 ,0x1e15 ,0x1e16 ,0x1e17 ,0x1f14 ,0x1f15 ,0x1f16 ,0x1f17 ,0x2a14 ,0x2a15 ,0x2a16 ,0x2a17 ,0x2b14 ,0x2b15 ,0x2b16 ,0x2b17 ,0x2c14 ,0x2c15 ,0x2c16 ,0x2c17 ,0x2e14 ,0x2e15 ,0x2e16 ,0x2e17 ,0x2f14 ,0x2f15 ,0x2f16 ,0x2f17 ,0x3214 ,0x3215 ,0x3216 ,0x3217 ,0x3314 ,0x3315 ,0x3316 ,0x3317 ,0x3414 ,0x3415 ,0x3416 ,0x3417 ,0x3a14 ,0x3a15 ,0x3a16 ,0x3a17 ,0x3b14 ,0x3b15 ,0x3b16 ,0x3b17 ,0x3c14 ,0x3c15 ,0x3c16 ,0x3c17 ,0x3e14 ,0x3e15 ,0x3e16 ,0x3e17 ,0x3f14 ,0x3f15 ,0x3f16 ,0x3f17 ,0x4a14 ,0x4a15 ,0x4a16 ,0x4a17 ,0x4b14 ,0x4b15 ,0x4b16 ,0x4b17 ,0x4c14 ,0x4c15 ,0x4c16 ,0x4c17 ,0x4e14 ,0x4e15 ,0x4e16 ,0x4e17 ,0x4f14 ,0x4f15 ,0x4f16 ,0x4f17 ,0x5214 ,0x5215 ,0x5216 ,0x5217 ,0x5314 ,0x5315 ,0x5316 ,0x5317 ,0x5414 ,0x5415 ,0x5416 ,0x5417 ,0x5a14 ,0x5a15 ,0x5a16 ,0x5a17 ,0x5b14 ,0x5b15 ,0x5b16 ,0x5b17 ,0x5c14 ,0x5c15 ,0x5c16 ,0x5c17 ,0x5e14 ,0x5e15 ,0x5e16 ,0x5e17 ,0x5f14 ,0x5f15 ,0x5f16 ,0x5f17 ,0x6a14 ,0x6a15 ,0x6a16 ,0x6a17 ,0x6b14 ,0x6b15 ,0x6b16 ,0x6b17 ,0x6c14 ,0x6c15 ,0x6c16 ,0x6c17 ,0x6e14 ,0x6e15 ,0x6e16 ,0x6e17 ,0x6f14 ,0x6f15 ,0x6f16 ,0x6f17 ,0x7214 ,0x7215 ,0x7216 ,0x7217 ,0x7314 ,0x7315 ,0x7316 ,0x7317 ,0x7414 ,0x7415 ,0x7416 ,0x7417 ,0x7a14 ,0x7a15 ,0x7a16 ,0x7a17 ,0x7b14 ,0x7b15 ,0x7b16 ,0x7b17 ,0x7c14 ,0x7c15 ,0x7c16 ,0x7c17 ,0x7e14 ,0x7e15 ,0x7e16 ,0x7e17 ,0x7f14 ,0x7f15 ,0x7f16 ,0x7f17 ,0x8a14 ,0x8a15 ,0x8a16 ,0x8a17 ,0x8b14 ,0x8b15 ,0x8b16 ,0x8b17 ,0x8c14 ,0x8c15 ,0x8c16 ,0x8c17 ,0x8e14 ,0x8e15 ,0x8e16 ,0x8e17 ,0x8f14 ,0x8f15 ,0x8f16 ,0x8f17 ,0x9214 ,0x9215 ,0x9216 ,0x9217 ,0x9314 ,0x9315 ,0x9316 ,0x9317 ,0x9414 ,0x9415 ,0x9416 ,0x9417 ,0x9a14 ,0x9a15 ,0x9a16 ,0x9a17 ,0x9b14 ,0x9b15 ,0x9b16 ,0x9b17 ,0x9c14 ,0x9c15 ,0x9c16 ,0x9c17 ,0x9e14 ,0x9e15 ,0x9e16 ,0x9e17 ,0x9f14 ,0x9f15 ,0x9f16 ,0x9f17 ,0xaa14 ,0xaa15 ,0xaa16 ,0xaa17 ,0xab14 ,0xab15 ,0xab16 ,0xab17 ,0xac14 ,0xac15 ,0xac16 ,0xac17 ,0xae14 ,0xae15 ,0xae16 ,0xae17 ,0xaf14 ,0xaf15 ,0xaf16 ,0xaf17 ,0xb214 ,0xb215 ,0xb216 ,0xb217 ,0xb314 ,0xb315 ,0xb316 ,0xb317 ,0xb414 ,0xb415 ,0xb416 ,0xb417 ,0xba14 ,0xba15 ,0xba16 ,0xba17 ,0xbb14 ,0xbb15 ,0xbb16 ,0xbb17 ,0xbc14 ,0xbc15 ,0xbc16 ,0xbc17 ,0xbe14 ,0xbe15 ,0xbe16 ,0xbe17 ,0xbf14 ,0xbf15 ,0xbf16 ,0xbf17 ,0xca14 ,0xca15 ,0xca16 ,0xca17 ,0xcb14 ,0xcb15 ,0xcb16 ,0xcb17 ,0xcc14 ,0xcc15 ,0xcc16 ,0xcc17 ,0xce14 ,0xce15 ,0xce16 ,0xce17 ,0xcf14 ,0xcf15 ,0xcf16 ,0xcf17 ,0xd214 ,0xd215 ,0xd216 ,0xd217 ,0xd314 ,0xd315 ,0xd316 ,0xd317 ,0xd414 ,0xd415 ,0xd416 ,0xd417 ,0xda14 ,0xda15 ,0xda16 ,0xda17 ,0xdb14 ,0xdb15 ,0xdb16 ,0xdb17 ,0xdc14 ,0xdc15 ,0xdc16 ,0xdc17 ,0xde14 ,0xde15 ,0xde16 ,0xde17 ,0xdf14 ,0xdf15 ,0xdf16 ,0xdf17 ,0xea14 ,0xea15 ,0xea16 ,0xea17 ,0xeb14 ,0xeb15 ,0xeb16 ,0xeb17 ,0xec14 ,0xec15 ,0xec16 ,0xec17 ,0xee14 ,0xee15 ,0xee16 ,0xee17 ,0xef14 ,0xef15 ,0xef16 ,0xef17 ,0xf214 ,0xf215 ,0xf216 ,0xf217 ,0xf314 ,0xf315 ,0xf316 ,0xf317 ,0xf414 ,0xf415 ,0xf416 ,0xf417 ,0xfa14 ,0xfa15 ,0xfa16 ,0xfa17 ,0xfb14 ,0xfb15 ,0xfb16 ,0xfb17 ,0xfc14 ,0xfc15 ,0xfc16 ,0xfc17 ,0xfe14 ,0xfe15 ,0xfe16 ,0xfe17 ,0xff14 ,0xff15 ,0xff16 ,0xff17])

from pwn import *
import time
while True:
    x = int(time.time())
    if (x+5)%0x10000 in t:
        s = remote('chal1.swampctf.com',1313)
        print s.recvall()
	import ctypes
	import struct

	s = set()
	t = set()
	for x in range(2**16):
	y = (((x & 0xFFC) << 16) - 0x14C437BE) ^ ((x & 0xF0) << 8) \| ((x & 0xFFC) << 8) \| ((x >> 8) << 24) \| x & 0xFC
	y = ctypes.c_uint32(y).value
	# print hex(x), hex(y)
	if not y in s:
	t.add(x)
	s.add(y)

	print len(s), len(t)
	# u = set([0xeb3bc842 ,0xfb3bc842 ,0xeb3fcc46 ,0xeb43c84a ,0xffefecee ,0xeb47cc4e ,0xeb4bd852 ,0xfd9bd85a ,0xeb4fdc56 ,0xeb53d85a ,0xfb3fcc46 ,0xeb57dc5e ,0xeb5be862 ,0xffebf8f2 ,0xeb5fec66 ,0xeb63e86a ,0xfd9fdc5e ,0xeb67ec6e ,0xff37fcfe ,0xeb6bf872 ,0xfb4bc84a ,0xeb6ffc76 ,0xeb73f87a ,0xffeffcf6 ,0xeb77fc7e ,0xeb7bc842 ,0xfd9be862 ,0xfddfd8da ,0xffa7e86a ,0xeb7fcc46 ,0xfe27ecee ,0xeb83c84a ,0xfb4fcc4e ,0xffe3e8ea ,0xeb87cc4e ,0xfd4fd852 ,0xeb8bd852 ,0xfffbf8fa ,0xeb8fdc56 ,0xeb93d85a ,0xfd9fec66 ,0xffcfc8ca ,0xeb97dc5e ,0xeb9be862 ,0xfb4bd852 ,0xfdd3d8da ,0xeb9fec66 ,0xff3fc842 ,0xeba3e86a ,0xfffffcfe ,0xeba7ec6e ,0xebabf872 ,0xfdabe86a ,0xebaffc76 ,0xebb3f87a ,0xfb4fdc56 ,0xfbc3c8ca ,0xebb7fc7e ,0xebbbc8c2 ,0xfffbc8c2 ,0xebbfccc6 ,0xebc3c8ca ,0xfdafec6e ,0xebc7ccce ,0xebcbd8d2 ,0xfb5bd85a ,0xebcfdcd6 ,0xebd3d8da ,0xffffccc6 ,0xffc7c8ca ,0xebd7dcde ,0xfe2ff8f2 ,0xebdbe8e2 ,0xfdabf872 ,0xebdfece6 ,0xebe3e8ea ,0xfb5fdc5e ,0xebe7ecee ,0xfdbff87a ,0xebebf8f2 ,0xfe0bc8ca ,0xebeffcf6 ,0xfd1fe8e2 ,0xebf3f8fa ,0xfdaffc76 ,0xebf7fcfe ,0xfd0fc8ca ,0xebfbc8c2 ,0xfb5be862 ,0xffe7ecee ,0xebffccc6 ,0xec03c8ca ,0xfe0fccce ,0xec07ccce ,0xec0bd8d2 ,0xfdbbf87a ,0xec0fdcd6 ,0xec13d8da ,0xfb5fec66 ,0xfdd7dcde ,0xec17dcde ,0xec1be8e2 ,0xfe0bd8d2 ,0xec1fece6 ,0xec23e8ea ,0xfdbffc7e ,0xec27ecee ,0xec2bf8f2 ,0xfb6be86a ,0xfbc7ccce ,0xec2ffcf6 ,0xec33f8fa ,0xfe0fdcd6 ,0xec37fcfe ,0xed3bc842 ,0xfdbbc8c2 ,0xed3fcc46 ,0xed43c84a ,0xfb6fec6e ,0xed47cc4e ,0xed4bd852 ,0xfe1bd8da ,0xed4fdc56 ,0xfd17dcde ,0xed53d85a ,0xfdbfccc6 ,0xed57dc5e ,0xed5be862 ,0xfb6bf872 ,0xed5fec66 ,0xed63e86a ,0xfe1fdcde ,0xed67ec6e ,0xff83c84a ,0xed6bf872 ,0xfdcbc8ca ,0xfddfe8e2 ,0xed6ffc76 ,0xfc1fd8da ,0xed73f87a ,0xfb6ffc76 ,0xed77fc7e ,0xfd5fd85a ,0xed7bc842 ,0xfe1be8e2 ,0xed7fcc46 ,0xff63e86a ,0xed83c84a ,0xfdcfccce ,0xffcfd8d2 ,0xed87cc4e ,0xed8bd852 ,0xfb7bf87a ,0xed8fdc56 ,0xff4fc84a ,0xed93d85a ,0xfe1fece6 ,0xed97dc5e ,0xfd53d85a ,0xed9be862 ,0xfdcbd8d2 ,0xed9fec66 ,0xeda3e86a ,0xfb7ffc7e ,0xeda7ec6e ,0xedabf872 ,0xfe2be8ea ,0xedaffc76 ,0xfb43c84a ,0xedb3f87a ,0xfdcfdcd6 ,0xedb7fc7e ,0xedbbc8c2 ,0xfb7bc842 ,0xedbfccc6 ,0xedc3c8ca ,0xfe2fecee ,0xedc7ccce ,0xfe3ff8fa ,0xedcbd8d2 ,0xfddbd8da ,0xedcfdcd6 ,0xff47c84a ,0xedd3d8da ,0xfb7fcc46 ,0xff87cc4e ,0xedd7dcde ,0xeddbe8e2 ,0xfe2bf8f2 ,0xffb7f87a ,0xeddfece6 ,0xfd2fe8ea ,0xffffc8c2 ,0xede3e8ea ,0xfddfdcde ,0xede7ecee ,0xfe33f8fa ,0xedebf8f2 ,0xfb8bc84a ,0xfd97dc5e ,0xedeffcf6 ,0xedf3f8fa ,0xfe2ffcf6 ,0xedf7fcfe ,0xff0fd8d2 ,0xff67ec6e ,0xedfbc8c2 ,0xfddbe8e2 ,0xedffccc6 ,0xfd23e8ea ,0xed03c8ca ,0xfb8fcc4e ,0xed07ccce ,0xfdafe86a ,0xed0bd8d2 ,0xfe3bf8fa ,0xed0fdcd6 ,0xfd57dc5e ,0xed13d8da ,0xfddfece6 ,0xed17dcde ,0xed1be8e2 ,0xfb8bd852 ,0xed1fece6 ,0xffbff87a ,0xed23e8ea ,0xfe3ffcfe ,0xed27ecee ,0xfb47cc4e ,0xed2bf8f2 ,0xfdebe8ea ,0xed2ffcf6 ,0xed33f8fa ,0xfb8fdc56 ,0xed37fcfe ,0xef3bc842 ,0xef3fcc46 ,0xef43c84a ,0xfdefecee ,0xef47cc4e ,0xef4bd852 ,0xfb9bd85a ,0xef4fdc56 ,0xef53d85a ,0xef57dc5e ,0xef5be862 ,0xfdebf8f2 ,0xfdefe8ea ,0xef5fec66 ,0xfe37fcfe ,0xef63e86a ,0xfb9fdc5e ,0xfff3f8fa ,0xef67ec6e ,0xfd5fe862 ,0xef6bf872 ,0xef6ffc76 ,0xfd07ccce ,0xef73f87a ,0xfdeffcf6 ,0xffdfd8da ,0xef77fc7e ,0xfd27ecee ,0xef7bc842 ,0xfb9be862 ,0xfde3e8ea ,0xef7fcc46 ,0xff4fd852 ,0xef83c84a ,0xfc07ccce ,0xef87cc4e ,0xfc17dcde ,0xef8bd852 ,0xfdfbf8fa ,0xef8fdc56 ,0xef93d85a ,0xfb9fec66 ,0xfbd3d8da ,0xef97dc5e ,0xfd9fe862 ,0xef9be862 ,0xef9fec66 ,0xefa3e86a ,0xfdfffcfe ,0xefa7ec6e ,0xefabf872 ,0xfbabe86a ,0xefaffc76 ,0xefb3f87a ,0xffd7d8da ,0xefb7fc7e ,0xefbbc8c2 ,0xfdfbc8c2 ,0xefbfccc6 ,0xefc3c8ca ,0xfbafec6e ,0xefc7ccce ,0xff93d85a ,0xefcbd8d2 ,0xefcfdcd6 ,0xfd2ff8f2 ,0xefd3d8da ,0xfdffccc6 ,0xefd7dcde ,0xefdbe8e2 ,0xfbabf872 ,0xfff7fcfe ,0xefdfece6 ,0xefe3e8ea ,0xffb3f87a ,0xefe7ecee ,0xfc1fe8e2 ,0xefebf8f2 ,0xfd0bc8ca ,0xefeffcf6 ,0xeff3f8fa ,0xfbaffc76 ,0xfde7ecee ,0xeff7fcfe ,0xeffbc8c2 ,0xfda3e86a ,0xefffccc6 ,0xee03c8ca ,0xfd0fccce ,0xee07ccce ,0xee0bd8d2 ,0xfbbbf87a ,0xfbd7dcde ,0xee0fdcd6 ,0xee13d8da ,0xee17dcde ,0xee1be8e2 ,0xfd0bd8d2 ,0xee1fece6 ,0xee23e8ea ,0xfbbffc7e ,0xee27ecee ,0xee2bf8f2 ,0xee2ffcf6 ,0xee33f8fa ,0xfd0fdcd6 ,0xee37fcfe ,0xfbbbc8c2 ,0xffafe86a ,0xfd1bd8da ,0xfdeff8f2 ,0xfbbfccc6 ,0xfd6fe86a ,0xffb7fc7e ,0xff73f87a ,0xff1fd8da ,0xfd1fdcde ,0xffdfe8e2 ,0xfbcbc8ca ,0xff5fd85a ,0xfda7ec6e ,0xfd63e86a ,0xfd1be8e2 ,0xfbcfccce ,0xfb97dc5e ,0xfb53d85a ,0xfd1fece6 ,0xfbb7fc7e ,0xfbcbd8d2 ,0xfd2be8ea ,0xff57d85a ,0xfbcfdcd6 ,0xfd3ff8fa ,0xfd2fecee ,0xfdffc8c2 ,0xfbdbd8da ,0xff9fe862 ,0xfc2fe8ea ,0xff77fc7e ,0xfe0fc8ca ,0xfd2bf8f2 ,0xfd33f8fa ,0xfbdfdcde ,0xffaff872 ,0xfd67ec6e ,0xfd2ffcf6 ,0xfc23e8ea ,0xfbdbe8e2 ,0xfd9fd85a ,0xef03c8ca ,0xff13d8da ,0xef07ccce ,0xfb57dc5e ,0xef0bd8d2 ,0xfd3bf8fa ,0xef0fdcd6 ,0xef13d8da ,0xfbdfece6 ,0xef17dcde ,0xef1be8e2 ,0xef1fece6 ,0xef23e8ea ,0xfd3ffcfe ,0xef27ecee ,0xef2bf8f2 ,0xfbebe8ea ,0xffa3e86a ,0xef2ffcf6 ,0xfd8fc84a ,0xef33f8fa ,0xef37fcfe ,0xef3fc842 ,0xff3bc842 ,0xfdfff8fa ,0xfc0fd8d2 ,0xef47c84a ,0xfbefecee ,0xfe03c8ca ,0xff9fd85a ,0xff03c8ca ,0xfd6ff872 ,0xef4fd852 ,0xef57d85a ,0xff3fcc46 ,0xffefe8ea ,0xfd37fcfe ,0xef5fe862 ,0xfbebf8f2 ,0xfdf3f8fa ,0xfe13d8da ,0xff5fe862 ,0xef67e86a ,0xef6ff872 ,0xff4bc84a ,0xfc27ecee ,0xef77f87a ,0xfbeffcf6 ,0xfbe3e8ea ,0xff8fc84a ,0xef7fc842 ,0xef87c84a ,0xff4fcc4e ,0xef8fd852 ,0xfbfbf8fa ,0xef97d85a ,0xffe7e8ea ,0xef9fe862 ,0xff4bd852 ,0xfd93d85a ,0xefa7e86a ,0xfbfffcfe ,0xff17dcde ,0xefaff872 ,0xefb7f87a ,0xefbfc8c2 ,0xfbfbc8c2 ,0xfe07ccce ,0xfd7fc842 ,0xefc7c8ca ,0xffc3c8ca ,0xfc2ff8f2 ,0xff0fc8ca ,0xefcfd8d2 ,0xff5bd85a ,0xefd7d8da ,0xfbffccc6 ,0xfdf7fcfe ,0xff8fd852 ,0xefdfe8e2 ,0xfdb3f87a ,0xefe7e8ea ,0xff5fdc5e ,0xefeff8f2 ,0xfc0bc8ca ,0xfbe7ecee ,0xeff7f8fa ,0xfba3e86a ,0xefffc8c2 ,0xff5be862 ,0xff1fe8e2 ,0xf407c8ca ,0xfc0fccce ,0xf407ccce ,0xf40fd8d2 ,0xf40fdcd6 ,0xf417d8da ,0xff5fec66 ,0xf417dcde ,0xfb83c84a ,0xf41fe8e2 ,0xfc0bd8d2 ,0xf41fece6 ,0xf427e8ea ,0xf427ecee ,0xf42ff8f2 ,0xff6be86a ,0xf42ffcf6 ,0xf437f8fa ,0xfc0fdcd6 ,0xf437fcfe ,0xfd7ff87a ,0xf53fc842 ,0xffc7ccce ,0xf53fcc46 ,0xfe1fd8da ,0xf547c84a ,0xff6fec6e ,0xffeff8f2 ,0xf547cc4e ,0xf54fd852 ,0xfc1bd8da ,0xf54fdc56 ,0xff6fe86a ,0xf557d85a ,0xfdb7fc7e ,0xf557dc5e ,0xfd73f87a ,0xf55fe862 ,0xff6bf872 ,0xf55fec66 ,0xf567e86a ,0xfc1fdcde ,0xf567ec6e ,0xf56ff872 ,0xfba7ec6e ,0xf56ffc76 ,0xfb63e86a ,0xf577f87a ,0xff6ffc76 ,0xf577fc7e ,0xf57fc842 ,0xfc1be8e2 ,0xf57fcc46 ,0xf587c84a ,0xf587cc4e ,0xf58fd852 ,0xff7bf87a ,0xf58fdc56 ,0xff67e86a ,0xf597d85a ,0xfc1fece6 ,0xf597dc5e ,0xfd13d8da ,0xf59fe862 ,0xf59fec66 ,0xf5a7e86a ,0xff7ffc7e ,0xf5a7ec6e ,0xf5aff872 ,0xfc2be8ea ,0xfdbfc8c2 ,0xf5affc76 ,0xf5b7f87a ,0xf5b7fc7e ,0xfc3ff8fa ,0xff87c84a ,0xf5bfc8c2 ,0xff7bc842 ,0xf5bfccc6 ,0xff43c84a ,0xf5c7c8ca ,0xfc2fecee ,0xf5c7ccce ,0xf5cfd8d2 ,0xf5cfdcd6 ,0xfd77fc7e ,0xf5d7d8da ,0xff7fcc46 ,0xf5d7dcde ,0xfc33f8fa ,0xf5dfe8e2 ,0xfc2bf8f2 ,0xf5dfece6 ,0xf5e7e8ea ,0xf5e7ecee ,0xfb67ec6e ,0xf5eff8f2 ,0xff8bc84a ,0xf5effcf6 ,0xff2fe8ea ,0xf5f7f8fa ,0xfc2ffcf6 ,0xf5f7fcfe ,0xf5ffc8c2 ,0xf5ffccc6 ,0xf507c8ca ,0xff8fcc4e ,0xf507ccce ,0xf50fd8d2 ,0xfc3bf8fa ,0xf50fdcd6 ,0xff23e8ea ,0xf517d8da ,0xf517dcde ,0xf51fe8e2 ,0xff8bd852 ,0xf51fece6 ,0xf527e8ea ,0xfc3ffcfe ,0xf527ecee ,0xfd0fd8d2 ,0xf52ff8f2 ,0xf52ffcf6 ,0xf537f8fa ,0xff8fdc56 ,0xfffff8fa ,0xf537fcfe ,0xff47cc4e ,0xf73fc842 ,0xfd3bc842 ,0xf73fcc46 ,0xff6ff872 ,0xf747c84a ,0xf747cc4e ,0xf74fd852 ,0xff9bd85a ,0xf74fdc56 ,0xfc37fcfe ,0xf757d85a ,0xfd3fcc46 ,0xfbf3f8fa ,0xf757dc5e ,0xf75fe862 ,0xf75fec66 ,0xf767e86a ,0xff9fdc5e ,0xf767ec6e ,0xf76ff872 ,0xfd4bc84a ,0xf76ffc76 ,0xfdaff872 ,0xf777f87a ,0xfff7f8fa ,0xf777fc7e ,0xfb93d85a ,0xf77fc842 ,0xff9be862 ,0xf77fcc46 ,0xf787c84a ,0xfd4fcc4e ,0xffa7ec6e ,0xf787cc4e ,0xff27ecee ,0xf78fd852 ,0xf78fdc56 ,0xf797d85a ,0xff9fec66 ,0xf797dc5e ,0xf79fe862 ,0xfd4bd852 ,0xfdcfc8ca ,0xf79fec66 ,0xf7a7e86a ,0xffd3d8da ,0xf7a7ec6e ,0xfd3fc842 ,0xf7aff872 ,0xffabe86a ,0xf7affc76 ,0xf7b7f87a ,0xfd4fdc56 ,0xf7b7fc7e ,0xfd03c8ca ,0xf7bfc8c2 ,0xfdc3c8ca ,0xf7bfccc6 ,0xf7c7c8ca ,0xffafec6e ,0xf7c7ccce ,0xf7cfd8d2 ,0xfd5bd85a ,0xfbf7fcfe ,0xf7cfdcd6 ,0xfc13d8da ,0xf7d7d8da ,0xfbb3f87a ,0xf7d7dcde ,0xf7dfe8e2 ,0xffabf872 ,0xf7dfece6 ,0xff2ff8f2 ,0xf7e7e8ea ,0xfd5fdc5e ,0xf7e7ecee ,0xf7eff8f2 ,0xff0bc8ca ,0xf7effcf6 ,0xf7f7f8fa ,0xffaffc76 ,0xf7f7fcfe ,0xfe1fe8e2 ,0xf7ffc8c2 ,0xfd5be862 ,0xf7ffccc6 ,0xf607c8ca ,0xff0fccce ,0xf607ccce ,0xf60fd8d2 ,0xffbbf87a ,0xf60fdcd6 ,0xf617d8da ,0xfd5fec66 ,0xf617dcde ,0xff97d85a ,0xf61fe8e2 ,0xff0bd8d2 ,0xffd7dcde ,0xf61fece6 ,0xf627e8ea ,0xffbffc7e ,0xf627ecee ,0xf62ff8f2 ,0xfd6be86a ,0xf62ffcf6 ,0xff7ff87a ,0xf637f8fa ,0xff0fdcd6 ,0xfdc7ccce ,0xf637fcfe ,0xfd83c84a ,0xffbbc8c2 ,0xfd6fec6e ,0xff1bd8da ,0xfd8fd852 ,0xfb73f87a ,0xffbfccc6 ,0xfd6bf872 ,0xff1fdcde ,0xffcbc8ca ,0xfb87cc4e ,0xff77f87a ,0xfd6ffc76 ,0xff1be8e2 ,0xffcfccce ,0xfc0fc8ca ,0xfd7bf87a ,0xfdcfd8d2 ,0xfe17dcde ,0xff1fece6 ,0xfd4fc84a ,0xff97dc5e ,0xffcbd8d2 ,0xff53d85a ,0xfd7ffc7e ,0xffbfc8c2 ,0xff2be8ea ,0xfd87cc4e ,0xffcfdcd6 ,0xfd43c84a ,0xfd7bc842 ,0xff2fecee ,0xff7fc842 ,0xfb77fc7e ,0xffdbd8da ,0xff3ff8fa ,0xfd7fcc46 ,0xff2bf8f2 ,0xffdfdcde ,0xfe2fe8ea ,0xfd8bc84a ,0xff33f8fa ,0xfc03c8ca ,0xff2ffcf6 ,0xffdbe8e2 ,0xfd1fd8da ,0xff07ccce ,0xf707c8ca ,0xfd8fcc4e ,0xf707ccce ,0xfe23e8ea ,0xf70fd8d2 ,0xff3bf8fa ,0xf70fdcd6 ,0xfe0fd8d2 ,0xf717d8da ,0xffdfece6 ,0xf717dcde ,0xff57dc5e ,0xf71fe8e2 ,0xfd8bd852 ,0xf71fece6 ,0xf727e8ea ,0xff3ffcfe ,0xf727ecee ,0xf72ff8f2 ,0xffebe8ea ,0xf72ffcf6 ,0xfd47cc4e ,0xf737f8fa ,0xfd8fdc56 ,0xf737fcfe ])

	# f = open("out").read()
	# def xor(a,b):
	# return "".join(map(chr,([ord(a[i%4])^ord(b[i]) for i in xrange(len(b))])))

	# for i in s:
	# open(hex(i),"w").write(xor(struct.pack("<I",i),f))


	import subprocess
	for i in t:
	print i, hex(ctypes.c_uint32((((i & 0xFFC) << 16) - 0x14C437BE) ^ ((i & 0xF0) << 8) \| ((i & 0xFFC) << 8) \| ((i >> 8) << 24) \| i & 0xFC).value)
	d = subprocess.Popen("gdb -ex 'py rax = " + str(i) + "' -x ./gg.py ", shell=True, stdout=subprocess.PIPE).stdout.read().strip()
	print ":::::",i,d
	import gdb

	class MyBreakpoint(gdb.Breakpoint):
	def stop (self):
	return True

	gdb.execute('file ./OS.BIN')
	gdb.execute("set environment LD_PRELOAD /home/sudhakar/tools/preeny/x86_64-linux-gnu/desleep.so")
	MyBreakpoint("*0x400a62")
	gdb.execute("run")
	gdb.execute('set $rax=0x%x' % rax)
	gdb.execute("continue")
	gdb.execute('quit')
	t = set([0xa14 ,0xa15 ,0xa16 ,0xa17 ,0xb14 ,0xb15 ,0xb16 ,0xb17 ,0xc14 ,0xc15 ,0xc16 ,0xc17 ,0xe14 ,0xe15 ,0xe16 ,0xe17 ,0xf14 ,0xf15 ,0xf16 ,0xf17 ,0x1214 ,0x1215 ,0x1216 ,0x1217 ,0x1314 ,0x1315 ,0x1316 ,0x1317 ,0x1414 ,0x1415 ,0x1416 ,0x1417 ,0x1a14 ,0x1a15 ,0x1a16 ,0x1a17 ,0x1b14 ,0x1b15 ,0x1b16 ,0x1b17 ,0x1c14 ,0x1c15 ,0x1c16 ,0x1c17 ,0x1e14 ,0x1e15 ,0x1e16 ,0x1e17 ,0x1f14 ,0x1f15 ,0x1f16 ,0x1f17 ,0x2a14 ,0x2a15 ,0x2a16 ,0x2a17 ,0x2b14 ,0x2b15 ,0x2b16 ,0x2b17 ,0x2c14 ,0x2c15 ,0x2c16 ,0x2c17 ,0x2e14 ,0x2e15 ,0x2e16 ,0x2e17 ,0x2f14 ,0x2f15 ,0x2f16 ,0x2f17 ,0x3214 ,0x3215 ,0x3216 ,0x3217 ,0x3314 ,0x3315 ,0x3316 ,0x3317 ,0x3414 ,0x3415 ,0x3416 ,0x3417 ,0x3a14 ,0x3a15 ,0x3a16 ,0x3a17 ,0x3b14 ,0x3b15 ,0x3b16 ,0x3b17 ,0x3c14 ,0x3c15 ,0x3c16 ,0x3c17 ,0x3e14 ,0x3e15 ,0x3e16 ,0x3e17 ,0x3f14 ,0x3f15 ,0x3f16 ,0x3f17 ,0x4a14 ,0x4a15 ,0x4a16 ,0x4a17 ,0x4b14 ,0x4b15 ,0x4b16 ,0x4b17 ,0x4c14 ,0x4c15 ,0x4c16 ,0x4c17 ,0x4e14 ,0x4e15 ,0x4e16 ,0x4e17 ,0x4f14 ,0x4f15 ,0x4f16 ,0x4f17 ,0x5214 ,0x5215 ,0x5216 ,0x5217 ,0x5314 ,0x5315 ,0x5316 ,0x5317 ,0x5414 ,0x5415 ,0x5416 ,0x5417 ,0x5a14 ,0x5a15 ,0x5a16 ,0x5a17 ,0x5b14 ,0x5b15 ,0x5b16 ,0x5b17 ,0x5c14 ,0x5c15 ,0x5c16 ,0x5c17 ,0x5e14 ,0x5e15 ,0x5e16 ,0x5e17 ,0x5f14 ,0x5f15 ,0x5f16 ,0x5f17 ,0x6a14 ,0x6a15 ,0x6a16 ,0x6a17 ,0x6b14 ,0x6b15 ,0x6b16 ,0x6b17 ,0x6c14 ,0x6c15 ,0x6c16 ,0x6c17 ,0x6e14 ,0x6e15 ,0x6e16 ,0x6e17 ,0x6f14 ,0x6f15 ,0x6f16 ,0x6f17 ,0x7214 ,0x7215 ,0x7216 ,0x7217 ,0x7314 ,0x7315 ,0x7316 ,0x7317 ,0x7414 ,0x7415 ,0x7416 ,0x7417 ,0x7a14 ,0x7a15 ,0x7a16 ,0x7a17 ,0x7b14 ,0x7b15 ,0x7b16 ,0x7b17 ,0x7c14 ,0x7c15 ,0x7c16 ,0x7c17 ,0x7e14 ,0x7e15 ,0x7e16 ,0x7e17 ,0x7f14 ,0x7f15 ,0x7f16 ,0x7f17 ,0x8a14 ,0x8a15 ,0x8a16 ,0x8a17 ,0x8b14 ,0x8b15 ,0x8b16 ,0x8b17 ,0x8c14 ,0x8c15 ,0x8c16 ,0x8c17 ,0x8e14 ,0x8e15 ,0x8e16 ,0x8e17 ,0x8f14 ,0x8f15 ,0x8f16 ,0x8f17 ,0x9214 ,0x9215 ,0x9216 ,0x9217 ,0x9314 ,0x9315 ,0x9316 ,0x9317 ,0x9414 ,0x9415 ,0x9416 ,0x9417 ,0x9a14 ,0x9a15 ,0x9a16 ,0x9a17 ,0x9b14 ,0x9b15 ,0x9b16 ,0x9b17 ,0x9c14 ,0x9c15 ,0x9c16 ,0x9c17 ,0x9e14 ,0x9e15 ,0x9e16 ,0x9e17 ,0x9f14 ,0x9f15 ,0x9f16 ,0x9f17 ,0xaa14 ,0xaa15 ,0xaa16 ,0xaa17 ,0xab14 ,0xab15 ,0xab16 ,0xab17 ,0xac14 ,0xac15 ,0xac16 ,0xac17 ,0xae14 ,0xae15 ,0xae16 ,0xae17 ,0xaf14 ,0xaf15 ,0xaf16 ,0xaf17 ,0xb214 ,0xb215 ,0xb216 ,0xb217 ,0xb314 ,0xb315 ,0xb316 ,0xb317 ,0xb414 ,0xb415 ,0xb416 ,0xb417 ,0xba14 ,0xba15 ,0xba16 ,0xba17 ,0xbb14 ,0xbb15 ,0xbb16 ,0xbb17 ,0xbc14 ,0xbc15 ,0xbc16 ,0xbc17 ,0xbe14 ,0xbe15 ,0xbe16 ,0xbe17 ,0xbf14 ,0xbf15 ,0xbf16 ,0xbf17 ,0xca14 ,0xca15 ,0xca16 ,0xca17 ,0xcb14 ,0xcb15 ,0xcb16 ,0xcb17 ,0xcc14 ,0xcc15 ,0xcc16 ,0xcc17 ,0xce14 ,0xce15 ,0xce16 ,0xce17 ,0xcf14 ,0xcf15 ,0xcf16 ,0xcf17 ,0xd214 ,0xd215 ,0xd216 ,0xd217 ,0xd314 ,0xd315 ,0xd316 ,0xd317 ,0xd414 ,0xd415 ,0xd416 ,0xd417 ,0xda14 ,0xda15 ,0xda16 ,0xda17 ,0xdb14 ,0xdb15 ,0xdb16 ,0xdb17 ,0xdc14 ,0xdc15 ,0xdc16 ,0xdc17 ,0xde14 ,0xde15 ,0xde16 ,0xde17 ,0xdf14 ,0xdf15 ,0xdf16 ,0xdf17 ,0xea14 ,0xea15 ,0xea16 ,0xea17 ,0xeb14 ,0xeb15 ,0xeb16 ,0xeb17 ,0xec14 ,0xec15 ,0xec16 ,0xec17 ,0xee14 ,0xee15 ,0xee16 ,0xee17 ,0xef14 ,0xef15 ,0xef16 ,0xef17 ,0xf214 ,0xf215 ,0xf216 ,0xf217 ,0xf314 ,0xf315 ,0xf316 ,0xf317 ,0xf414 ,0xf415 ,0xf416 ,0xf417 ,0xfa14 ,0xfa15 ,0xfa16 ,0xfa17 ,0xfb14 ,0xfb15 ,0xfb16 ,0xfb17 ,0xfc14 ,0xfc15 ,0xfc16 ,0xfc17 ,0xfe14 ,0xfe15 ,0xfe16 ,0xfe17 ,0xff14 ,0xff15 ,0xff16 ,0xff17])

	from pwn import *
	import time
	while True:
	x = int(time.time())
	if (x+5)%0x10000 in t:
	s = remote('chal1.swampctf.com',1313)
	print s.recvall()