import java.io.*;
import java.net.*;
import java.util.Arrays;
 
/**
* In this project you will experiment with a padding oracle attack against a toy web site hosted at
* crypto-class.appspot.com. Padding oracle vulnerabilities affect a wide variety of products, including secure tokens.
* This project will show how they can be exploited. We discussed CBC padding oracle attacks in Lecture 7.6, but if you
* want to read more about them, please see Vaudenay's paper.
* <p/>
* Now to business. Suppose an attacker wishes to steal secret information from our target web site
* crypto-class.appspot.com. The attacker suspects that the web site embeds encrypted customer data in URL parameters
* such as this:
* <p/>
* http://c...content-available-to-author-only...t.com/po?er=f20bdba6ff29eed7b046d1df9fb7000058b1ffb4210a580f748b4ac714c001bd4a61044426fb515dad3f21f18aa577c0bdf302936266926ff37dbf7035d5eeb4
* <p/>
* That is, when customer Alice interacts with the site, the site embeds a URL like this in web pages it sends to Alice.
* The attacker intercepts the URL listed above and guesses that the ciphertext following the "po?er=" is a hex encoded
* AES CBC encryption with a random IV of some secret data about Alice's session.
* <p/>
* After some experimentation the attacker discovers that the web site is vulnerable to a CBC padding oracle attack. In
* particular, when a decrypted CBC ciphertext ends in an invalid pad the web server returns a 403 error code (forbidden
* request). When the CBC padding is valid, but the message is malformed, the web server returns a 404 error code (URL not found).
* <p/>
* Armed with this information your goal is to decrypt the ciphertext listed above. To do so you can send arbitrary HTTP
* requests to the web site of the form http://c...content-available-to-author-only...t.com/po?er="your ciphertext here" and observe the
* resulting error code. The padding oracle will let you decrypt the given ciphertext one byte at a time. To decrypt a
* single byte you will need to send up to 256 HTTP requests to the site. Keep in mind that the first ciphertext block
* is the random IV. The decrypted message is ASCII encoded.
* <p/>
* To get you started here is a short Python script that sends a ciphertext supplied on the command line to the site and
* prints the resulting error code. You can extend this script (or write one from scratch) to implement the padding
* oracle attack. Once you decrypt the given ciphertext, please enter the decrypted message in the box below.
* <p/>
* This project shows that when using encryption you must prevent padding oracle attacks by either using encrypt-then-MAC
* as in EAX or GCM, or if you must use MAC-then-encrypt then ensure that the site treats padding errors the same way it
* treats MAC errors.
*/
public class Lesson04 {
    final protected static char[] HEX_ARRAY = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    public static final int BLOCK_SIZE = 16;
    public static final String CIPHER_TEXT = "f20bdba6ff29eed7b046d1df9fb7000058b1ffb4210a580f748b4ac714c001bd4a61044426fb515dad3f21f18aa577c0bdf302936266926ff37dbf7035d5eeb4";
    public static final String ATTACK_URL = "http://c...content-available-to-author-only...t.com/po?er=";
 
    public static void main(String[] args) throws IOException {
        // cipher text
        byte[] c = hexStringToByteArray(CIPHER_TEXT);
        // decrypted text
        String d = "";
 
        for (int block = 0; block < (c.length - BLOCK_SIZE) / BLOCK_SIZE; block++) {
            // copy current block and all previous
            byte[] cb = Arrays.copyOfRange(c, 0, c.length - block * BLOCK_SIZE);
 
            for (int i = 0; i < BLOCK_SIZE; i++) {
 
                byte[] cm = cb.clone();
                byte found = 0;
 
                // position of byte that will be guessed
                int pos = cb.length - 1 - BLOCK_SIZE - i;
 
                // try to guess value of this byte
                for (int b = 0; b < 256; b++) {
 
                    // pad all bytes from current to the end of the block
                    for (int k = 0; k < i + 1; k++) {
                        cm[pos + k] = (byte) (cb[pos + k] ^ (i + 1));
                    }
 
                    // xor byte with guessed value
                    cm[pos] = (byte) (cm[pos] ^ b);
 
                    int status = getUrlStatus(ATTACK_URL + byteArrayToHexString(cm));
 
                    // Log request
                    System.out.println(block + ":" + i + ":" + pos + ":" + b + "> " + status + " = " + byteArrayToHexString(cm));
 
                    if (status == 404) {
                        // pad is correct
                        found = (byte) b;
                        break;
                    } else if (status == 200) {
                        // pad is correct or no changes to guessed value are made
                        // this can happen if pad equals guessed value, then
                        // pad ^ guessed = 0
                        // save this value as possible result
                        // but wait if 404 is returned
                        found = (byte) b;
                    }
                }
 
                // save found value for next round
                cb[pos] = (byte) (cb[pos] ^ found);
 
                // save to decrypted value
                d = (char) found + d;
 
                // Log decrypted value
                System.out.println("found >> " + found + " = " + d);
                System.out.println();
            }
        }
    }
 
    public static int getUrlStatus(String urlPath) throws IOException {
        URL url = new URL(urlPath);
        URLConnection connection = url.openConnection();
 
        connection.connect();
 
        if (connection instanceof HttpURLConnection) {
            HttpURLConnection httpConnection = (HttpURLConnection) connection;
 
            return httpConnection.getResponseCode();
        } else {
            return 0;
        }
    }
 
    public static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), BLOCK_SIZE) << 4)
                    + Character.digit(s.charAt(i + 1), BLOCK_SIZE));
        }
        return data;
    }
 
    public static String byteArrayToHexString(byte[] bytes) {
        char[] hexChars = new char[bytes.length * 2];
        int v;
        for (int j = 0; j < bytes.length; j++) {
            v = bytes[j] & 0xFF;
            hexChars[j * 2] = HEX_ARRAY[v >>> 4];
            hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
        }
        return new String(hexChars);
    }
 
}

aW1wb3J0IGphdmEuaW8uKjsKaW1wb3J0IGphdmEubmV0Lio7CmltcG9ydCBqYXZhLnV0aWwuQXJyYXlzOwoKLyoqCiogSW4gdGhpcyBwcm9qZWN0IHlvdSB3aWxsIGV4cGVyaW1lbnQgd2l0aCBhIHBhZGRpbmcgb3JhY2xlIGF0dGFjayBhZ2FpbnN0IGEgdG95IHdlYiBzaXRlIGhvc3RlZCBhdAoqIGNyeXB0by1jbGFzcy5hcHBzcG90LmNvbS4gUGFkZGluZyBvcmFjbGUgdnVsbmVyYWJpbGl0aWVzIGFmZmVjdCBhIHdpZGUgdmFyaWV0eSBvZiBwcm9kdWN0cywgaW5jbHVkaW5nIHNlY3VyZSB0b2tlbnMuCiogVGhpcyBwcm9qZWN0IHdpbGwgc2hvdyBob3cgdGhleSBjYW4gYmUgZXhwbG9pdGVkLiBXZSBkaXNjdXNzZWQgQ0JDIHBhZGRpbmcgb3JhY2xlIGF0dGFja3MgaW4gTGVjdHVyZSA3LjYsIGJ1dCBpZiB5b3UKKiB3YW50IHRvIHJlYWQgbW9yZSBhYm91dCB0aGVtLCBwbGVhc2Ugc2VlIFZhdWRlbmF5J3MgcGFwZXIuCiogPHAvPgoqIE5vdyB0byBidXNpbmVzcy4gU3VwcG9zZSBhbiBhdHRhY2tlciB3aXNoZXMgdG8gc3RlYWwgc2VjcmV0IGluZm9ybWF0aW9uIGZyb20gb3VyIHRhcmdldCB3ZWIgc2l0ZQoqIGNyeXB0by1jbGFzcy5hcHBzcG90LmNvbS4gVGhlIGF0dGFja2VyIHN1c3BlY3RzIHRoYXQgdGhlIHdlYiBzaXRlIGVtYmVkcyBlbmNyeXB0ZWQgY3VzdG9tZXIgZGF0YSBpbiBVUkwgcGFyYW1ldGVycwoqIHN1Y2ggYXMgdGhpczoKKiA8cC8+CiogaHR0cDovL2MuLi5jb250ZW50LWF2YWlsYWJsZS10by1hdXRob3Itb25seS4uLnQuY29tL3BvP2VyPWYyMGJkYmE2ZmYyOWVlZDdiMDQ2ZDFkZjlmYjcwMDAwNThiMWZmYjQyMTBhNTgwZjc0OGI0YWM3MTRjMDAxYmQ0YTYxMDQ0NDI2ZmI1MTVkYWQzZjIxZjE4YWE1NzdjMGJkZjMwMjkzNjI2NjkyNmZmMzdkYmY3MDM1ZDVlZWI0CiogPHAvPgoqIFRoYXQgaXMsIHdoZW4gY3VzdG9tZXIgQWxpY2UgaW50ZXJhY3RzIHdpdGggdGhlIHNpdGUsIHRoZSBzaXRlIGVtYmVkcyBhIFVSTCBsaWtlIHRoaXMgaW4gd2ViIHBhZ2VzIGl0IHNlbmRzIHRvIEFsaWNlLgoqIFRoZSBhdHRhY2tlciBpbnRlcmNlcHRzIHRoZSBVUkwgbGlzdGVkIGFib3ZlIGFuZCBndWVzc2VzIHRoYXQgdGhlIGNpcGhlcnRleHQgZm9sbG93aW5nIHRoZSAicG8/ZXI9IiBpcyBhIGhleCBlbmNvZGVkCiogQUVTIENCQyBlbmNyeXB0aW9uIHdpdGggYSByYW5kb20gSVYgb2Ygc29tZSBzZWNyZXQgZGF0YSBhYm91dCBBbGljZSdzIHNlc3Npb24uCiogPHAvPgoqIEFmdGVyIHNvbWUgZXhwZXJpbWVudGF0aW9uIHRoZSBhdHRhY2tlciBkaXNjb3ZlcnMgdGhhdCB0aGUgd2ViIHNpdGUgaXMgdnVsbmVyYWJsZSB0byBhIENCQyBwYWRkaW5nIG9yYWNsZSBhdHRhY2suIEluCiogcGFydGljdWxhciwgd2hlbiBhIGRlY3J5cHRlZCBDQkMgY2lwaGVydGV4dCBlbmRzIGluIGFuIGludmFsaWQgcGFkIHRoZSB3ZWIgc2VydmVyIHJldHVybnMgYSA0MDMgZXJyb3IgY29kZSAoZm9yYmlkZGVuCiogcmVxdWVzdCkuIFdoZW4gdGhlIENCQyBwYWRkaW5nIGlzIHZhbGlkLCBidXQgdGhlIG1lc3NhZ2UgaXMgbWFsZm9ybWVkLCB0aGUgd2ViIHNlcnZlciByZXR1cm5zIGEgNDA0IGVycm9yIGNvZGUgKFVSTCBub3QgZm91bmQpLgoqIDxwLz4KKiBBcm1lZCB3aXRoIHRoaXMgaW5mb3JtYXRpb24geW91ciBnb2FsIGlzIHRvIGRlY3J5cHQgdGhlIGNpcGhlcnRleHQgbGlzdGVkIGFib3ZlLiBUbyBkbyBzbyB5b3UgY2FuIHNlbmQgYXJiaXRyYXJ5IEhUVFAKKiByZXF1ZXN0cyB0byB0aGUgd2ViIHNpdGUgb2YgdGhlIGZvcm0gaHR0cDovL2MuLi5jb250ZW50LWF2YWlsYWJsZS10by1hdXRob3Itb25seS4uLnQuY29tL3BvP2VyPSJ5b3VyIGNpcGhlcnRleHQgaGVyZSIgYW5kIG9ic2VydmUgdGhlCiogcmVzdWx0aW5nIGVycm9yIGNvZGUuIFRoZSBwYWRkaW5nIG9yYWNsZSB3aWxsIGxldCB5b3UgZGVjcnlwdCB0aGUgZ2l2ZW4gY2lwaGVydGV4dCBvbmUgYnl0ZSBhdCBhIHRpbWUuIFRvIGRlY3J5cHQgYQoqIHNpbmdsZSBieXRlIHlvdSB3aWxsIG5lZWQgdG8gc2VuZCB1cCB0byAyNTYgSFRUUCByZXF1ZXN0cyB0byB0aGUgc2l0ZS4gS2VlcCBpbiBtaW5kIHRoYXQgdGhlIGZpcnN0IGNpcGhlcnRleHQgYmxvY2sKKiBpcyB0aGUgcmFuZG9tIElWLiBUaGUgZGVjcnlwdGVkIG1lc3NhZ2UgaXMgQVNDSUkgZW5jb2RlZC4KKiA8cC8+CiogVG8gZ2V0IHlvdSBzdGFydGVkIGhlcmUgaXMgYSBzaG9ydCBQeXRob24gc2NyaXB0IHRoYXQgc2VuZHMgYSBjaXBoZXJ0ZXh0IHN1cHBsaWVkIG9uIHRoZSBjb21tYW5kIGxpbmUgdG8gdGhlIHNpdGUgYW5kCiogcHJpbnRzIHRoZSByZXN1bHRpbmcgZXJyb3IgY29kZS4gWW91IGNhbiBleHRlbmQgdGhpcyBzY3JpcHQgKG9yIHdyaXRlIG9uZSBmcm9tIHNjcmF0Y2gpIHRvIGltcGxlbWVudCB0aGUgcGFkZGluZwoqIG9yYWNsZSBhdHRhY2suIE9uY2UgeW91IGRlY3J5cHQgdGhlIGdpdmVuIGNpcGhlcnRleHQsIHBsZWFzZSBlbnRlciB0aGUgZGVjcnlwdGVkIG1lc3NhZ2UgaW4gdGhlIGJveCBiZWxvdy4KKiA8cC8+CiogVGhpcyBwcm9qZWN0IHNob3dzIHRoYXQgd2hlbiB1c2luZyBlbmNyeXB0aW9uIHlvdSBtdXN0IHByZXZlbnQgcGFkZGluZyBvcmFjbGUgYXR0YWNrcyBieSBlaXRoZXIgdXNpbmcgZW5jcnlwdC10aGVuLU1BQwoqIGFzIGluIEVBWCBvciBHQ00sIG9yIGlmIHlvdSBtdXN0IHVzZSBNQUMtdGhlbi1lbmNyeXB0IHRoZW4gZW5zdXJlIHRoYXQgdGhlIHNpdGUgdHJlYXRzIHBhZGRpbmcgZXJyb3JzIHRoZSBzYW1lIHdheSBpdAoqIHRyZWF0cyBNQUMgZXJyb3JzLgoqLwpwdWJsaWMgY2xhc3MgTGVzc29uMDQgewogICAgZmluYWwgcHJvdGVjdGVkIHN0YXRpYyBjaGFyW10gSEVYX0FSUkFZID0geycwJywgJzEnLCAnMicsICczJywgJzQnLCAnNScsICc2JywgJzcnLCAnOCcsICc5JywgJ2EnLCAnYicsICdjJywgJ2QnLCAnZScsICdmJ307CiAgICBwdWJsaWMgc3RhdGljIGZpbmFsIGludCBCTE9DS19TSVpFID0gMTY7CiAgICBwdWJsaWMgc3RhdGljIGZpbmFsIFN0cmluZyBDSVBIRVJfVEVYVCA9ICJmMjBiZGJhNmZmMjllZWQ3YjA0NmQxZGY5ZmI3MDAwMDU4YjFmZmI0MjEwYTU4MGY3NDhiNGFjNzE0YzAwMWJkNGE2MTA0NDQyNmZiNTE1ZGFkM2YyMWYxOGFhNTc3YzBiZGYzMDI5MzYyNjY5MjZmZjM3ZGJmNzAzNWQ1ZWViNCI7CiAgICBwdWJsaWMgc3RhdGljIGZpbmFsIFN0cmluZyBBVFRBQ0tfVVJMID0gImh0dHA6Ly9jLi4uY29udGVudC1hdmFpbGFibGUtdG8tYXV0aG9yLW9ubHkuLi50LmNvbS9wbz9lcj0iOwoKICAgIHB1YmxpYyBzdGF0aWMgdm9pZCBtYWluKFN0cmluZ1tdIGFyZ3MpIHRocm93cyBJT0V4Y2VwdGlvbiB7CiAgICAgICAgLy8gY2lwaGVyIHRleHQKICAgICAgICBieXRlW10gYyA9IGhleFN0cmluZ1RvQnl0ZUFycmF5KENJUEhFUl9URVhUKTsKICAgICAgICAvLyBkZWNyeXB0ZWQgdGV4dAogICAgICAgIFN0cmluZyBkID0gIiI7CgogICAgICAgIGZvciAoaW50IGJsb2NrID0gMDsgYmxvY2sgPCAoYy5sZW5ndGggLSBCTE9DS19TSVpFKSAvIEJMT0NLX1NJWkU7IGJsb2NrKyspIHsKICAgICAgICAgICAgLy8gY29weSBjdXJyZW50IGJsb2NrIGFuZCBhbGwgcHJldmlvdXMKICAgICAgICAgICAgYnl0ZVtdIGNiID0gQXJyYXlzLmNvcHlPZlJhbmdlKGMsIDAsIGMubGVuZ3RoIC0gYmxvY2sgKiBCTE9DS19TSVpFKTsKCiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgQkxPQ0tfU0laRTsgaSsrKSB7CgogICAgICAgICAgICAgICAgYnl0ZVtdIGNtID0gY2IuY2xvbmUoKTsKICAgICAgICAgICAgICAgIGJ5dGUgZm91bmQgPSAwOwoKICAgICAgICAgICAgICAgIC8vIHBvc2l0aW9uIG9mIGJ5dGUgdGhhdCB3aWxsIGJlIGd1ZXNzZWQKICAgICAgICAgICAgICAgIGludCBwb3MgPSBjYi5sZW5ndGggLSAxIC0gQkxPQ0tfU0laRSAtIGk7CgogICAgICAgICAgICAgICAgLy8gdHJ5IHRvIGd1ZXNzIHZhbHVlIG9mIHRoaXMgYnl0ZQogICAgICAgICAgICAgICAgZm9yIChpbnQgYiA9IDA7IGIgPCAyNTY7IGIrKykgewoKICAgICAgICAgICAgICAgICAgICAvLyBwYWQgYWxsIGJ5dGVzIGZyb20gY3VycmVudCB0byB0aGUgZW5kIG9mIHRoZSBibG9jawogICAgICAgICAgICAgICAgICAgIGZvciAoaW50IGsgPSAwOyBrIDwgaSArIDE7IGsrKykgewogICAgICAgICAgICAgICAgICAgICAgICBjbVtwb3MgKyBrXSA9IChieXRlKSAoY2JbcG9zICsga10gXiAoaSArIDEpKTsKICAgICAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgICAgIC8vIHhvciBieXRlIHdpdGggZ3Vlc3NlZCB2YWx1ZQogICAgICAgICAgICAgICAgICAgIGNtW3Bvc10gPSAoYnl0ZSkgKGNtW3Bvc10gXiBiKTsKCiAgICAgICAgICAgICAgICAgICAgaW50IHN0YXR1cyA9IGdldFVybFN0YXR1cyhBVFRBQ0tfVVJMICsgYnl0ZUFycmF5VG9IZXhTdHJpbmcoY20pKTsKCiAgICAgICAgICAgICAgICAgICAgLy8gTG9nIHJlcXVlc3QKICAgICAgICAgICAgICAgICAgICBTeXN0ZW0ub3V0LnByaW50bG4oYmxvY2sgKyAiOiIgKyBpICsgIjoiICsgcG9zICsgIjoiICsgYiArICI+ICIgKyBzdGF0dXMgKyAiID0gIiArIGJ5dGVBcnJheVRvSGV4U3RyaW5nKGNtKSk7CgogICAgICAgICAgICAgICAgICAgIGlmIChzdGF0dXMgPT0gNDA0KSB7CiAgICAgICAgICAgICAgICAgICAgICAgIC8vIHBhZCBpcyBjb3JyZWN0CiAgICAgICAgICAgICAgICAgICAgICAgIGZvdW5kID0gKGJ5dGUpIGI7CiAgICAgICAgICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICAgICAgICAgICAgIH0gZWxzZSBpZiAoc3RhdHVzID09IDIwMCkgewogICAgICAgICAgICAgICAgICAgICAgICAvLyBwYWQgaXMgY29ycmVjdCBvciBubyBjaGFuZ2VzIHRvIGd1ZXNzZWQgdmFsdWUgYXJlIG1hZGUKICAgICAgICAgICAgICAgICAgICAgICAgLy8gdGhpcyBjYW4gaGFwcGVuIGlmIHBhZCBlcXVhbHMgZ3Vlc3NlZCB2YWx1ZSwgdGhlbgogICAgICAgICAgICAgICAgICAgICAgICAvLyBwYWQgXiBndWVzc2VkID0gMAogICAgICAgICAgICAgICAgICAgICAgICAvLyBzYXZlIHRoaXMgdmFsdWUgYXMgcG9zc2libGUgcmVzdWx0CiAgICAgICAgICAgICAgICAgICAgICAgIC8vIGJ1dCB3YWl0IGlmIDQwNCBpcyByZXR1cm5lZAogICAgICAgICAgICAgICAgICAgICAgICBmb3VuZCA9IChieXRlKSBiOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIH0KCiAgICAgICAgICAgICAgICAvLyBzYXZlIGZvdW5kIHZhbHVlIGZvciBuZXh0IHJvdW5kCiAgICAgICAgICAgICAgICBjYltwb3NdID0gKGJ5dGUpIChjYltwb3NdIF4gZm91bmQpOwoKICAgICAgICAgICAgICAgIC8vIHNhdmUgdG8gZGVjcnlwdGVkIHZhbHVlCiAgICAgICAgICAgICAgICBkID0gKGNoYXIpIGZvdW5kICsgZDsKCiAgICAgICAgICAgICAgICAvLyBMb2cgZGVjcnlwdGVkIHZhbHVlCiAgICAgICAgICAgICAgICBTeXN0ZW0ub3V0LnByaW50bG4oImZvdW5kID4+ICIgKyBmb3VuZCArICIgPSAiICsgZCk7CiAgICAgICAgICAgICAgICBTeXN0ZW0ub3V0LnByaW50bG4oKTsKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICBwdWJsaWMgc3RhdGljIGludCBnZXRVcmxTdGF0dXMoU3RyaW5nIHVybFBhdGgpIHRocm93cyBJT0V4Y2VwdGlvbiB7CiAgICAgICAgVVJMIHVybCA9IG5ldyBVUkwodXJsUGF0aCk7CiAgICAgICAgVVJMQ29ubmVjdGlvbiBjb25uZWN0aW9uID0gdXJsLm9wZW5Db25uZWN0aW9uKCk7CgogICAgICAgIGNvbm5lY3Rpb24uY29ubmVjdCgpOwoKICAgICAgICBpZiAoY29ubmVjdGlvbiBpbnN0YW5jZW9mIEh0dHBVUkxDb25uZWN0aW9uKSB7CiAgICAgICAgICAgIEh0dHBVUkxDb25uZWN0aW9uIGh0dHBDb25uZWN0aW9uID0gKEh0dHBVUkxDb25uZWN0aW9uKSBjb25uZWN0aW9uOwoKICAgICAgICAgICAgcmV0dXJuIGh0dHBDb25uZWN0aW9uLmdldFJlc3BvbnNlQ29kZSgpOwogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIHJldHVybiAwOwogICAgICAgIH0KICAgIH0KCiAgICBwdWJsaWMgc3RhdGljIGJ5dGVbXSBoZXhTdHJpbmdUb0J5dGVBcnJheShTdHJpbmcgcykgewogICAgICAgIGludCBsZW4gPSBzLmxlbmd0aCgpOwogICAgICAgIGJ5dGVbXSBkYXRhID0gbmV3IGJ5dGVbbGVuIC8gMl07CiAgICAgICAgZm9yIChpbnQgaSA9IDA7IGkgPCBsZW47IGkgKz0gMikgewogICAgICAgICAgICBkYXRhW2kgLyAyXSA9IChieXRlKSAoKENoYXJhY3Rlci5kaWdpdChzLmNoYXJBdChpKSwgQkxPQ0tfU0laRSkgPDwgNCkKICAgICAgICAgICAgICAgICAgICArIENoYXJhY3Rlci5kaWdpdChzLmNoYXJBdChpICsgMSksIEJMT0NLX1NJWkUpKTsKICAgICAgICB9CiAgICAgICAgcmV0dXJuIGRhdGE7CiAgICB9CgogICAgcHVibGljIHN0YXRpYyBTdHJpbmcgYnl0ZUFycmF5VG9IZXhTdHJpbmcoYnl0ZVtdIGJ5dGVzKSB7CiAgICAgICAgY2hhcltdIGhleENoYXJzID0gbmV3IGNoYXJbYnl0ZXMubGVuZ3RoICogMl07CiAgICAgICAgaW50IHY7CiAgICAgICAgZm9yIChpbnQgaiA9IDA7IGogPCBieXRlcy5sZW5ndGg7IGorKykgewogICAgICAgICAgICB2ID0gYnl0ZXNbal0gJiAweEZGOwogICAgICAgICAgICBoZXhDaGFyc1tqICogMl0gPSBIRVhfQVJSQVlbdiA+Pj4gNF07CiAgICAgICAgICAgIGhleENoYXJzW2ogKiAyICsgMV0gPSBIRVhfQVJSQVlbdiAmIDB4MEZdOwogICAgICAgIH0KICAgICAgICByZXR1cm4gbmV3IFN0cmluZyhoZXhDaGFycyk7CiAgICB9Cgp9