#!/usr/bin/env python3
"""
Simple JWT Decoder - Extract flag from stolen cookie
"""

import sys
import json
import base64

def decode_jwt(token):
    """Decode JWT without verification"""
    try:
        # JWT format: header.payload.signature
        parts = token.split('.')
        if len(parts) != 3:
            print("[-] Invalid JWT format")
            return None
        
        # Decode payload (add padding if needed)
        payload_b64 = parts[1]
        # Add padding
        payload_b64 += '=' * (4 - len(payload_b64) % 4)
        
        payload_json = base64.urlsafe_b64decode(payload_b64)
        payload = json.loads(payload_json)
        
        return payload
    except Exception as e:
        print(f"[-] Error decoding JWT: {e}")
        return None

def main():
    if len(sys.argv) < 2:
        print("Usage: python decode_jwt.py <jwt_token>")
        print("\nExample:")
        print("  python decode_jwt.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...")
        print("\nOr paste JWT when prompted:")
        token = input("\nPaste JWT token: ").strip()
    else:
        token = sys.argv[1].strip()
    
    if not token:
        print("[-] No token provided")
        return
    
    print(f"\n[*] Decoding JWT...")
    payload = decode_jwt(token)
    
    if payload:
        print(f"\n[+] JWT Payload:")
        print(json.dumps(payload, indent=2))
        
        if 'flag' in payload:
            print(f"\n{'='*70}")
            print(f"🚩 FLAG FOUND:")
            print(f"{'='*70}")
            print(f"\n{payload['flag']}\n")
            print(f"{'='*70}")
        else:
            print(f"\n[!] No 'flag' field in payload")
            print(f"[*] Available fields: {list(payload.keys())}")
    else:
        print("[-] Failed to decode JWT")

if __name__ == "__main__":
    main()