p = 0xf6e82946a9e7657cebcd14018a314a33c48b80552169f3069923d49c301f8dbfc6a1ca82902fc99a9e8aff92cef927e8695baeba694ad79b309af3b6a190514cb6bfa98bbda651f9dc8f80d8490a47e8b7b22ba32dd5f24fd7ee058b4f6659726b9ac50c8a7f97c3c4a48f830bc2767a15c16fe28a9b9f4ca3949ab6eb2e53c3 g = 5
import string from itertools import product from gmpy2 import *
p = 173383907346370188246634353442514171630882212643019826706575120637048836061602034776136960080336351252616860522273644431927909101923807914940397420063587913080793842100264484222211278105783220210128152062330954876427406484701993115395306434064667136148361558851998019806319799444970703714594938822660931343299 g = 5 c = 105956730578629949992232286714779776923846577007389446302378719229216496867835280661431342821159505656015790792811649783966417989318584221840008436316642333656736724414761508478750342102083967959048112859470526771487533503436337125728018422740023680376681927932966058904269005466550073181194896860353202252854
half_len = 6 flag_length = len('flag{}') + half_len * 2 d = b'}' + long_to_bytes(128 - flag_length) * (128 - flag_length) b = 256 ** (len(d) + half_len) a = bytes_to_long(b'flag{') * 256 ** (len(d) + half_len * 2) u = pow(g, b, p) v = pow(g, -256 ** len(d), p) d = bytes_to_long(d) c_ = (c * pow(g, -a, p) * pow(g, -d, p)) % p
lowercase_hex_chars = string.hexdigits[:16] combination = [bytes_to_long(''.join(chars).encode()) for chars in product(lowercase_hex_chars, repeat=6)]
from tqdm import tqdm ans = {} for y in tqdm(combination): key = (c_ * powmod(v, y, p)) % p ans[key] = y