#!/usr/bin/env python3
"""
Brute force passcode with correct data
"""
import requests
from concurrent.futures import ThreadPoolExecutor, as_completed

def lcg_step(seed):
    return (seed * 0x52c6425d + 0xcc52c) % (2**32)

def generate_keys(passcode):
    seed = passcode
    keys = []
    for _ in range(6):
        seed = lcg_step(seed)
        keys.append(seed % 0xffffff)
    return keys

sector_22 = "0292640464020a820860081608cd0833"
sector_34 = "085e0831084d084f0886083408cd081f"
username_hex = '6178656c5f6f757472756e'

def try_passcode(pc):
    keys = generate_keys(pc)
    key_bytes = []
    for key in keys[4:6]:
        key_bytes.extend([key >> 16, (key >> 8) & 0xFF, key & 0xFF])
    key_hex = ''.join(f'{b:02x}' for b in key_bytes)
    
    auth_code = sector_22 + key_hex
    
    data = {
        'uid': '04f6555b',
        'username': username_hex,
        'authorization_code': auth_code,
        'access_level': sector_34
    }
    
    try:
        r = requests.post('http://154.57.164.61:31938/api', data=data, timeout=2)
        result = r.json()
        
        if result.get('flag') and len(result.get('flag', '')) > 5:
            return (pc, result['flag'])
    except:
        pass
    
    return None

print("[*] Brute forcing passcode 0-65535...")
print("[*] This may take a few minutes...")

with ThreadPoolExecutor(max_workers=10) as executor:
    futures = {executor.submit(try_passcode, pc): pc for pc in range(65536)}
    
    for i, future in enumerate(as_completed(futures)):
        if i % 1000 == 0:
            print(f"\r[*] Progress: {i}/65536", end='', flush=True)
        
        result = future.result()
        if result:
            pc, flag = result
            print(f"\n\n{'='*70}")
            print(f"SUCCESS!")
            print(f"Passcode: {pc} (0x{pc:x})")
            print(f"FLAG: {flag}")
            print(f"{'='*70}")
            executor.shutdown(wait=False, cancel_futures=True)
            exit(0)

print("\n\n[-] Passcode not found in range 0-65535")