In Note, we can use arbitrary regular expressions.
However, in Note2, they banned the characters of `{`, `}`, `(`, `)`, `+`, and `*` in regular expressions.
We can still use `.` and `?`, so we managed to do a blind regular expression injection attack.
The attack vectors are `^TSGCTF.A|^.?.?.?.?.?.....`, `^TSGCTF.B|^.?.?.?.?.?.....`, and so on.
Other details of Note2 are the same as that of Note, so see https://ctftime.org/writeup/22284.