In Note, we can use arbitrary regular expressions. In Note2, however, they banned the characters `{`, `}`, `(`, `)`, `+`, and `*` in regular expressions. We can still use `.` and `?`, so we managed to carry out a blind regular expression injection attack. The attack vectors are `^TSGCTF.A|^.?.?.?.?.?.....`, `^TSGCTF.B|^.?.?.?.?.?.....`, and so on. The other details of Note2 are the same as in Note, so see https://ctftime.org/writeup/22284.
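Why the character blocklist leaves the oracle in place, as an added example that is not code from the challenge or from this writeup: a step counter for a naive backtracking matcher over the subset of syntax Note2 still allows, next to a literal-match mitigation. The engine model, the function names, the number of `.?` repetitions and the sample secret are assumptions made for the illustration.

```python
import re

BANNED = set("{}()+*")  # the characters the page says Note2 rejects

def blocklist_ok(pattern):
    """The Note2-style filter: accept any pattern without a banned character."""
    return not (set(pattern) & BANNED)

def parse(alt):
    """Turn one alternative into (char, optional) items; '.' is the wildcard."""
    items, i = [], 0
    while i < len(alt):
        opt = i + 1 < len(alt) and alt[i + 1] == "?"
        items.append((alt[i], opt))
        i += 2 if opt else 1
    return items

def match_steps(pattern, text):
    """(matched, steps) for a naive backtracking match; every alternative is
    treated as anchored at the start, as in the page's patterns."""
    steps = 0
    def walk(items, k, pos):
        nonlocal steps
        steps += 1
        if k == len(items):
            return True
        ch, opt = items[k]
        if pos < len(text) and ch in (".", text[pos]):
            if walk(items, k + 1, pos + 1):   # greedy: try consuming first
                return True
        return opt and walk(items, k + 1, pos)  # then try skipping an optional
    for alt in pattern.split("|"):
        if walk(parse(alt.lstrip("^")), 0, 0):
            return True, steps
    return False, steps

def literal_match(user_input, text):
    """Mitigation: escape the input so it is matched as a literal string."""
    return re.search(re.escape(user_input), text) is not None

SECRET = "TSGCTF{Az}"                             # constructed sample, not a real flag
SLOW = "^" + ".?" * 14 + "." * (len(SECRET) + 1)  # can never match SECRET
RIGHT = "^TSGCTF.A|" + SLOW
WRONG = "^TSGCTF.B|" + SLOW

if __name__ == "__main__":
    for p in (RIGHT, WRONG):
        print(blocklist_ok(p), match_steps(p, SECRET), literal_match(p, SECRET))
```

Both patterns pass the blocklist, but the wrong guess costs thousands of times more matcher steps than the right one, which is the difference a response-time measurement picks up; once the input is escaped it is only ever compared as a literal and the work no longer depends on the guess.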