def get_iv(s):
send(s, '1')
print(receive_until_match(s, "input plain text: "))
send(s, 'A')
r = receive_until_match(s, "4: get encrypted key\n")
print(r)
aes_iv = re.findall('AES: (.*)\n', r)[0][:32].decode("hex")
return aes_iv
def oracle(s, payload):
send(s, 'l')
receive_until_match(s, "\:\>\>", None)
send(s, str(payload))
send(s, str(1))
send(s, str(1))
data = receive_until_match(s, "\:\>\>", None)
return "bit is wrong" in data
def oracle(s, ct):
send(s, '2')
print(receive_until_match(s, 'input hexencoded cipher text: '))
payload = long_to_bytes(ct).encode("hex")
print("Sending payload", payload)
send(s, payload)
r = receive_until_match(s, 'RSA: .*\n')
receive_until_match(s, '4: get encrypted key\n')
bit = int(re.findall('RSA: (.*)\n', r)[0], 16) & 1
return bit
def final_round(s, seed):
receive_until_match(s, "bob number")
send(s, b64e(b'\x00'))
receive_until_match(s, "bob number")
bob_no = int(receive_until(s, "\n").strip())
alice = DiffieHellman(long_to_bytes(int(seed, 2)))
alice.set_other(bob_no)
print('Shared:', alice.shared)
iv = b64d(receive_until(s, "\n"))
cipher = AES.new(long_to_bytes(alice.shared, 16)[:16], AES.MODE_CBC, IV=iv)
enc_flag = b64d(receive_until(s, "\n"))
print(cipher.decrypt(enc_flag))
def final_round(s, seed, target_seed):
while True:
receive_until_match(s, 'bit-flip str')
receive_until(s, "\n")
send(s, b64e(long_to_bytes(int(seed, 2) ^ target_seed)))
receive_until(s, "\n") # generated after
iv = b64d(receive_until(s, "\n"))
enc_flag = b64d(receive_until(s, "\n"))
for key in range(8):
cipher = AES.new(long_to_bytes(key, 16)[:16], AES.MODE_CBC, IV=iv)
flag = cipher.decrypt(enc_flag)
if 'DrgnS' in flag:
print(flag)
return
def main():
url = "47.75.53.178"
port = 9999
s = nc(url, port)
data = receive_until_match(s, "\:\>\>", None).split("\n")
e = int(data[1])
n = int(data[2])
print(e, n)
send(s, 'r')
receive_until_match(s, "\:\>\>", None).split("\n")
send(s, 'test')
data = receive_until_match(s, "\:\>\>", None).split("\n")
ct = int(data[0])
lsb_oracle(ct, lambda x: multiplicate(x, e, n), n,
lambda ct: oracle(s, ct))
def query(s, x):
send(s, '1')
send(s, str(x))
r = receive_until_match(s, 'Guess the global maximum')
y = float(re.findall('f\(.*\) = (.*)', r)[0])
print "Y = " + str(y)
return y
def main():
s = nc("37.139.4.247", 31337)
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
payload = int(time())
print(payload)
send(s, base64.b64encode(brotli.compress(str(payload))))
data = receive_until_match(s, "\n\n")
print(data)
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
send(s, base64.b64encode(brotli.compress("Y")))
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print('payload', decompressed)
send(s, base64.b64encode(brotli.compress(decompressed)))
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print(decompressed)
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print(decompressed)
def recover_aes_key(n, s):
send(s, '4')
r = receive_until_match(s, "here is encrypted key :\)\n.+\n")
encrypted_aes_key = re.findall("here is encrypted key :\)\n(.*)\n", r)[0]
print('aes key', encrypted_aes_key)
decrypted_aes_key = lsb_oracle(int(encrypted_aes_key, 16), lambda ct: ct * pow(2, 65537, n) % n, n, lambda ct: oracle(s, ct))
decrypted_aes_key = long_to_bytes(int(decrypted_aes_key))
return decrypted_aes_key
def recover_n(s):
send(s, '1')
print(receive_until_match(s, "input plain text: "))
send(s, '\2')
r = receive_until_match(s, "4: get encrypted key\n")
print(r)
pow2e = int(re.findall('RSA: (.*)\n', r)[0], 16)
send(s, '1')
print(receive_until_match(s, "input plain text: "))
send(s, '\3')
r = receive_until_match(s, "4: get encrypted key\n")
print(r)
pow3e = int(re.findall('RSA: (.*)\n', r)[0], 16)
n = gmpy2.gcd(2 ** 65537 - pow2e, 3 ** 65537 - pow3e)
n = factor(n)[1]
assert pow(2, 65537, n) == pow2e
return n
def main():
port = 1337
host = "34.89.64.81"
s = nc(host, port)
skip = receive_until_match(s, "pub_key = ")
skip = receive_until_match(s, "pub_key = ")
skip = receive_until_match(s, "pub_key = ")
pubkey = receive_until(s, b"\n")[:-1]
msg = receive_until(s, b"=")
msg = re.findall("\"(.*)\"", msg.decode("utf-8"))[0]
sig = receive_until(s, b"\n")[1:-1]
print(pubkey)
print(msg)
print(sig)
m, sig = solve(msg, sig)
send(s, m.encode("utf-8"))
send(s, sig.encode("utf-8"))
interactive(s)
def attack(s):
response = receive_until_match(s, "Welcome to the server. \n")
print(response)
feats = cmd_hi(s)
target = cmd_target(s)
print target
solution = solve(feats[target])
print(solution)
print(fit(solution, feats, target))
send(s, "answer " + " ".join(map(str, solution)))
print(s.recv(9999))
def main():
url = '18.179.251.168'
# url = 'localhost'
port = 21700
s = nc(url, port)
data = receive_until_match(s, "cmd:")
flag = re.findall('Here is the flag!\s*(.*)\s*cmd:', data)[0]
print(flag)
encryptor = lambda data: enc(s, data)
decryptor = lambda data: dec(s, data)
n = recover_pubkey(encryptor)
print(n)
print(recover_flag(encryptor, decryptor, flag, n))
def main():
host = "37.139.4.247"
port = 19153
s = nc(host, port)
data = receive_until_match(s, "= .*\n")
print(data)
suffix = data[-7:-1]
print(suffix)
response = pow(suffix, data)
print('pow', response)
send(s, response)
print(receive_until_match(s, "solve"))
send(s, 'C')
data = receive_until_match(s, "n = \d+\n")
print(data)
number = re.findall("n = (\d+)", data)[0]
for i in range(101):
data = receive_until_match(s, "equal to " + str(i))
print(data)
response = calculate(number, i)
print(i, response)
send(s, response)
interactive(s)
def get_kn():
host = "3.115.26.78"
port = 31337
s = nc(host, port)
receive_until_match(s, "! ")
flag_ct = receive_until(s, "\n")[:-1]
plaintexts = [long_to_bytes(x)[3:] for x in prepare_values()]
results = []
for pt in plaintexts:
receive_until_match(s, ": ")
send(s, pt.encode("hex"))
res = receive_until(s, "\n")[:-1]
results.append(res)
s.close()
CTA = int(results[0], 16)
CTB = int(results[1], 16)
CTC = int(results[2], 16)
CTD = int(results[3], 16)
kn = (CTA * CTB) - (CTD * CTC)
print("Got k*N", kn)
return kn
def main():
url = "crypto.chal.ctf.westerns.tokyo"
port = 5643
s = nc(url, port)
print(receive_until_match(s, "4: get encrypted key"))
n = recover_n(s)
print('n', n)
decrypted_aes_key = recover_aes_key(n, s)
print('aes key', decrypted_aes_key.encode("hex"))
next_iv_hex = recover_next_iv(s)
print('next iv', next_iv_hex)
send(s, '3')
r = receive_until_match(s, "4: get encrypted key\n")
flag_ct = re.findall("another bulldozer is coming!\n(.*)\n", r)[0][32:]
print('encrypted flag', next_iv_hex + flag_ct)
print(aes_decrypt((next_iv_hex + flag_ct).decode("hex"), decrypted_aes_key))
s.close()
def get_flag(msg1, msg2):
url = "111.186.63.14"
port = 10001
s = nc(url, port)
challenge = receive_until_match(s, "XXXX:")
suffix, result = re.findall("sha256\(XXXX\+(.*?)\) == (.*)\s",
challenge)[0]
print(suffix, result)
prefix = break_pow(suffix, result)
print(prefix)
send(s, prefix)
send(s, msg1)
sleep(1)
send(s, msg2)
print(interactive(s))
def main():
bitsize = 1024
url = "13.112.92.9"
port = 21701
s = nc(url, port)
data = receive_until_match(s, "cmd:")
flag = int(re.findall('Here is the flag!\s*(.*)\s*cmd:', data)[0], 16)
print(flag)
encryptor = lambda data: enc(s, data)
decryptor = lambda data: dec(s, data)
n = recover_modulus(encryptor, decryptor, bitsize)
print('modulus', n)
known_flag_suffix = "_paillier!!}\n"
print(recover_flag(decryptor, flag, n, bitsize, known_flag_suffix))
pass
def main():
host = "crypto.byteband.it"
port = 7002
s = nc(host, port)
for i in range(32):
data = receive_until_match(s, "Plaintext \(b64encoded\) : ")
pt = receive_until(s, "\n").decode("base64")
receive_until(s, "\n")
x = int(receive_until(s, "\n").strip(), 16)
m = int(receive_until(s, "\n").strip(), 16)
print('x', x)
print('m', m)
n = recover_n(x, m)
print('recovered n', n)
key = RSA.construct((long(n), long(65537)))
ct = base64.b64encode(encrypt(key, pt))
print('ct', ct)
send(s, ct)
interactive(s)
def level():
challenge = receive_until_match(
s, r'Press the Enter key to start the challenge...')
print(challenge)
s.send("\n")
code = receive_until_match(s, r'Answer:')
print 'code', code
raw_code = '\n'.join(code.split('\n')[1:-1])
print 'raw_code', raw_code
if '| | |___ | | |_| | | |___ ' in challenge:
arch = 'i386'
ks = (KS_ARCH_X86, KS_MODE_32)
cs = (CS_ARCH_X86, CS_MODE_32)
uc = (UC_ARCH_X86, UC_MODE_32)
uc_result = UC_X86_REG_EAX
uc_stack = UC_X86_REG_ESP
elif "`. `' .' / / \ ' / ' _ \\" in challenge:
arch = 'x64'
ks = (KS_ARCH_X86, KS_MODE_64)
cs = (CS_ARCH_X86, CS_MODE_64)
uc = (UC_ARCH_X86, UC_MODE_64)
uc_result = UC_X86_REG_RAX
uc_stack = UC_X86_REG_RSP
elif ' |_ _| | || | |_ __ \ | || | / ___ | |' in challenge:
arch = 'mips'
ks = (KS_ARCH_MIPS, KS_MODE_MIPS32 + KS_MODE_BIG_ENDIAN)
cs = (CS_ARCH_MIPS, CS_MODE_MIPS32 + CS_MODE_BIG_ENDIAN)
uc = (UC_ARCH_MIPS, UC_MODE_MIPS32 + UC_MODE_BIG_ENDIAN)
uc_result = UC_MIPS_REG_V0
uc_stack = UC_MIPS_REG_29
elif '/ /\ \ / /\ \ ) (__) ) / / \ (__) / / / ( (__) (_' in challenge:
arch = 'aarch64'
ks = (KS_ARCH_ARM64, KS_MODE_LITTLE_ENDIAN)
cs = (CS_ARCH_ARM64, CS_MODE_LITTLE_ENDIAN)
uc = (UC_ARCH_ARM64, UC_MODE_ARM)
uc_result = UC_ARM64_REG_X0
uc_stack = UC_ARM64_REG_SP
elif '|____| |____||____| |___||_____||_____' in challenge:
arch = 'arm'
ks = (KS_ARCH_ARM, KS_MODE_ARM)
cs = (CS_ARCH_ARM, CS_MODE_ARM)
uc = (UC_ARCH_ARM, UC_MODE_ARM)
uc_result = UC_ARM_REG_R0
uc_stack = UC_ARM_REG_SP
elif '|_| \_\_____|_____/ \_____| \/ ' in challenge: # risc
arch = 'risc'
response = riscv_asm.asm(raw_code).encode('base64').replace('\n', '')
global last_stage
last_stage = True
elif last_stage:
arch = 'wasm'
response = wasmlib.asm(raw_code).encode('base64').replace('\n', '')
else:
# assume PPC32
arch = 'ppc32'
ks = (KS_ARCH_PPC, KS_MODE_PPC32 + KS_MODE_BIG_ENDIAN)
cs = (CS_ARCH_PPC, CS_MODE_32 + CS_MODE_BIG_ENDIAN)
for i in range(32):
raw_code = raw_code.replace("r" + str(i), str(i))
print 'architecture:', arch
if arch != 'risc' and arch != 'wasm':
ks = Ks(ks[0], ks[1])
encoding, count = ks.asm(raw_code)
if arch == 'mips':
encoding = encoding[:-4] # untestedy yet
response = ''.join(map(chr,
encoding)).encode('base64').replace('\n', '')
print 'response', response
s.send(response + '\n')
print(receive_until(s, '\n'))
out = receive_until(s, '\n')
print(out)
if arch == 'risc':
code = out.decode('base64')
result = riscv_dis.dis(code)
elif arch == 'wasm': # wasm
code = out.decode('base64')
result = wasmlib.dis(code)
else:
cs = Cs(cs[0], cs[1])
result = []
for i in cs.disasm(out.decode('base64'), 0x1000):
result += [(i.mnemonic + " " + i.op_str).strip()]
result = '\n'.join(result)
print 'asm', result
resultb64 = result.encode('base64').replace('\n', '')
print 'asmb64', resultb64
s.send(resultb64 + '\n')
print 'D', s.recv(99999)
print 'E', s.recv(99999)
challenge = s.recv(99999)
print repr(challenge)
data = challenge[8:-10]
print data.encode('hex')
if arch == 'risc':
result = riscv_dis.dis(data)
print(result)
elif arch == 'wasm':
result = wasmlib.dis(data)
print(result)
else:
result = []
for i in cs.disasm(challenge, 0x1000):
result += [(i.mnemonic + " " + i.op_str).strip()]
result = '\n'.join(result)
print result
# callback for tracing instructions
def hook_code(uc, address, size, user_data):
print(">>> Tracing instruction at 0x%x, instruction size = 0x%x" %
(address, size))
for kot in cs.disasm(data[address - ADDRESS:address - ADDRESS + size],
4):
OP = kot.mnemonic + " " + kot.op_str
print 'OK', OP
break
if 'jr $ra' in OP:
uc.emu_stop()
elif 'ret' in OP:
uc.emu_stop()
elif 'bx lr' in OP:
uc.emu_stop()
return 'kot'
if arch == 'ppc32':
out = ppc_execute(result)
elif arch == 'risc':
out = risc_execute(result)
elif arch == 'wasm':
out = wasmlib.eval(result)
else:
uc = Uc(uc[0], uc[1])
ADDRESS = 0x10000000
STACK = 0x20000000
uc.mem_map(ADDRESS, 4 * 1024 * 1024)
uc.mem_map(STACK, 4 * 1024 * 1024)
uc.mem_write(ADDRESS, data)
uc.reg_write(uc_stack, STACK + 0x2000)
# tracing one instruction at ADDRESS with customized callback
uc.hook_add(UC_HOOK_CODE,
hook_code,
begin=ADDRESS,
end=ADDRESS + len(data))
uc.emu_start(ADDRESS, ADDRESS + len(data))
out = uc.reg_read(uc_result)
print "RESULT", hex(out)
if arch != 'wasm':
s.sendall(hex(out).replace('L', '') + '\n')
else:
s.sendall(str(out) + "\n")
interactive(s)
print(receive_until_match(s, '------------------------------'))
data = receive_until_match(s, '------------------------------')
print(data)
if "Wrong" in data:
interactive(s)
send(s, '2')
send(s, str(y))
return receive_until_match(s, 'Guess the global maximum')
if __name__ == "__main__":
s = nc(HOST, PORT)
# pass CAPTCHA
r = s.recv(4096)
md5_s = re.findall('md5\(X\).hexdigest\(\)\[\:5\]=(.+?)\.', r)[0]
send(s, captcha(md5_s))
# start retrieving information
r = receive_until_match(s, 'Guess the global maximum')
# getting x range
x_range = re.findall('defined in range \((.*), (.*)\)', r)
x_min = float(x_range[0][0])
x_max = float(x_range[0][1])
# getting f(x) values
j = 0
x = []
y = []
for i in arange(x_min, x_max, 0.4):
x.append(i)
y.append(query(s, i))
j += 1
if (j == 500):
def guess(s, y):
send(s, '2')
send(s, str(y))
return receive_until_match(s, 'Guess the global maximum')
def get_iterations(s, msg):
send(s, b64e(msg))
receive_until_match(s, "Generated after ")
count = int(receive_until(s, "\n").split(' ')[0].strip())
return count
def main():
s = nc("52.193.157.19", 9999)
data = receive_until_match(s, "Give me XXXX:")
inputs = re.findall("SHA256\(XXXX\+(.*)\) == (.*)", data)[0]
suffix = inputs[0]
digest = inputs[1]
result = PoW(suffix, digest)
print("PoW done")
send(s, result)
receive_until_match(s, "Done!\n")
welcome = receive_until(s, "\n")[:-1]
get_flag_payload = generate_payload_from_message(welcome, "Welcome!",
"get-flag")
send(s, get_flag_payload)
encrypted_flag = receive_until(s, "\n")[:-1]
raw_enc_flag = encrypted_flag.decode("base64")
current = "hitcon{"
print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"),
len(encrypted_flag.decode("base64")))
for block_to_recover in range(3):
malleable_block = base64.b64encode(raw_enc_flag[block_to_recover *
16:])
missing = 16 - len(current)
for spaces in range(missing):
for c in string.printable:
test_flag_block_prefix = current + c + ("\0" *
(missing - spaces))
expected_command = (" " * spaces) + "get-flag"
payload = generate_payload_from_message(
malleable_block, test_flag_block_prefix, expected_command)
send(s, payload)
result = receive_until(s, "\n")[:-1]
if result == encrypted_flag:
current += c
print('found matching flag char:', current)
break
print(current)
known_blocks = raw_enc_flag[16 *
block_to_recover:16 * block_to_recover +
32]
expanded_flag = raw_enc_flag[
16 *
block_to_recover:] + known_blocks # appending IV and "Welcome!!" at the end
next_block_known = ""
for i in range(8):
get_md5 = set_cbc_payload_for_block(expanded_flag,
"\0" * 16 + current,
(" " * 9) + "get-md5",
1) # first block is get-md5
get_md5 = set_byte_cbc(
get_md5, ("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 - i -
1)) # last character to cut padding
send(s, base64.b64encode(get_md5))
real_md5_result = receive_until(s, "\n")[:-1]
for c in string.printable:
test_md5_payload = set_cbc_payload_for_block(
expanded_flag, "\0" * 16 + current,
(" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1)
test_md5_payload = set_byte_cbc(
test_md5_payload,
("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 + 1))
send(s, base64.b64encode(test_md5_payload))
test_md5_result = receive_until(s, "\n")[:-1]
if real_md5_result == test_md5_result:
next_block_known += c
print('found matching flag char:', next_block_known)
break
print(next_block_known)
current = next_block_known[:-1]
def rakflag():
for i in range(7):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
for i in range(16):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('d\n')
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
for i in range(10):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('s\n')
for i in range(17):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('s\n')
for i in range(16):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('s\n')
for i in range(6):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('d\n')
for i in range(4):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
for i in range(2):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
for i in range(4):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
for i in range(5):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
for i in range(2):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
for i in range(25):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('d\n')
for i in range(4):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('s\n')
for i in range(10):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('d\n')
print(receive_until_match(s, "(Press the Enter key to continue...)"))
s.sendall("\n")
print(receive_until_match(s, "(Press the Enter key to continue...)"))
s.sendall("\n")
print(receive_until_match(s, "(Press the Enter key to continue...)"))
s.sendall("\n")
level()
s.sendall("\n")
s.sendall("\n")
s.sendall("\n")
interactive(s)
def command(s, data, command):
send(s, command)
res = receive_until_match(s, "input: ")
send(s, data.encode("hex"))
res = receive_until_match(s, ".*\n")
return re.findall("(.*)\s+", res)[0]
HOST = '199.247.6.180'
PORT = 14002
if __name__ == "__main__":
s = nc(HOST, PORT)
# pass CAPTCHA
r = s.recv(4096)
md5_s = re.findall('md5\(X\).hexdigest\(\)\[\:5\]=(.+?)\.', r)[0]
send(s, captcha(md5_s))
# start NIM game
r = receive_until_match(s, 'Input the pile:')
state = map(
int,
re.findall('Current state of the game: \[(.*)\]', r)[0].split(','))
while (True):
print 'STATE: ' + str(state)
index, quantity = nim(state, 'normal')
print 'SEND: index = ' + str(index) + ', quantity = ' + str(quantity)
send(s, str(index))
send(s, str(quantity))
if (state.count(0) != 14):
r = receive_until_match(s, 'Input the pile:')
state = map(
int,
def main():
global s
s = socket.socket()
s.connect(('13.231.83.89', 30262))
print 'A', s.recv(999999)
print 'B', s.recv(999999)
s.send('\n')
print 'C', s.recv(999999)
print 'D', s.recv(999999)
s.send('\n')
print 'E', s.recv(999999)
print 'F', s.recv(999999)
s.send('\n')
print 'G', s.recv(999999)
print 'H', s.recv(999999)
s.send('A\n')
print 'I', s.recv(999999)
print 'J', s.recv(999999)
s.send('\n')
print 'K', s.recv(999999)
print 'L', s.recv(999999)
s.send('B\n')
print 'M', s.recv(999999)
print 'N', s.recv(999999)
s.send('\n')
print 'O', s.recv(999999)
s.send('duck\n')
for i in range(7):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
level()
for i in range(16):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('d\n')
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
level()
for i in range(9):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('s\n')
level()
for i in range(16):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('s\n')
level()
for i in range(15):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('s\n')
level()
for i in range(6):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('d\n')
for i in range(4):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
for i in range(2):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
level()
for i in range(4):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
for i in range(5):
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('a\n')
print(receive_until_match(s, "w/a/s/d:"))
s.sendall('w\n')
level()
while True:
data = receive_until_match(s, '(Press the Enter key to continue...)')
print(data)
if 'EXIT2' in data:
break
s.sendall('\n')
rakflag()
