Tags: python3 primes mersenne crypto math
Rating:
# BsidesBOSCTFMaelstromWriteup
Here is my writeup for the Maelstrom problem from BsidesBOS CTF, a Capture the Flag competition by the developers of VirSecCon CTF, NahamCon CTF, and H@cktivityCon CTF, in coordination with the BsidesBoston virtual conference. This problem is worth 474 points in the Cryptography section.
## Problem Statement
Can you [decrypt](https://github.com/csn3rd/BsidesBOSCTFMaelstromWriteup/blob/main/decrypt.py) the flag?
### decrypt.py
```
import base64
num = 0
count = 0
cipher_b64 = b"MTEwLDEwNCwxMDksMjYsODA5NiwxMzA5NTksNTI0MTczLDIxNDc0ODM1NDIsMjMwNTg0MzAwOTIxMzY5Mzg0Miw2MTg5NzAwMTk2NDI2OTAxMzc0NDk1NjIwMTAsMTYyMjU5Mjc2ODI5MjEzMzYzMzkxNTc4MDEwMjg4MDEyLDE3MDE0MTE4MzQ2MDQ2OTIzMTczMTY4NzMwMzcxNTg4NDEwNTYzMiw2ODY0Nzk3NjYwMTMwNjA5NzE0OTgxOTAwNzk5MDgxMzkzMjE3MjY5NDM1MzAwMTQzMzA1NDA5Mzk0NDYzNDU5MTg1NTQzMTgzMzk3NjU2MDUyMTIyNTU5NjQwNjYxNDU0NTU0OTc3Mjk2MzExMzkxNDgwODU4MDM3MTIxOTg3OTk5NzE2NjQzODEyNTc0MDI4MjkxMTE1MDU3MDQyLDUzMTEzNzk5MjgxNjc2NzA5ODY4OTU4ODIwNjU1MjQ2ODYyNzMyOTU5MzExNzcyNzAzMTkyMzE5OTQ0NDEzODIwMDQwMzU1OTg2MDg1MjI0MjczOTE2MjUwMjI2NTIyOTI4NTY2ODg4OTMyOTQ4NjI0NjUwMTAxNTM0NjU3OTMzNzY1MjcwNzIzOTQwOTUxOTk3ODc2NjU4NzM1MTk0MzgzMTI3MDgzNTM5MzIxOTAzMTcyODAxNiwxMDQwNzkzMjE5NDY2NDM5OTA4MTkyNTI0MDMyNzM2NDA4NTUzODYxNTI2MjI0NzI2NjcwNDgwNTMxOTExMjM1MDQwMzYwODA1OTY3MzM2MDI5ODAxMjIzOTQ0MTczMjMyNDE4NDg0MjQyMTYxMzk1NDI4MTAwNzc5MTM4MzU2NjI0ODMyMzQ2NDkwODEzOTkwNjYwNTY3NzMyMDc2MjkyNDEyOTUwOTM4OTIyMDM0NTc3MzE4MzM0OTY2MTU4MzU1MDQ3Mjk1OTQyMDU0NzY4OTgxMTIxMTY5MzY3NzE0NzU0ODQ3ODg2Njk2MjUwMTM4NDQzODI2MDI5MTczMjM0ODg4NTMxMTE2MDgyODUzODQxNjU4NTAyODI1NTYwNDY2NjIyNDgzMTg5MDkxODgwMTg0NzA2ODIyMjIwMzE0MDUyMTAyNjY5ODQzNTQ4ODczMjk1ODAyODg3ODA1MDg2OTczNjE4NjkwMDcxNDcyMDcxMDU1NTcwMzE2ODcyODk3MywxNDc1OTc5OTE1MjE0MTgwMjM1MDg0ODk4NjIyNzM3MzgxNzM2MzEyMDY2MTQ1MzMzMTY5Nzc1MTQ3NzcxMjE2NDc4NTcwMjk3ODc4MDc4OTQ5Mzc3NDA3MzM3MDQ5Mzg5Mjg5MzgyNzQ4NTA3NTMxNDk2NDgwNDc3MjgxMjY0ODM4NzYwMjU5MTkxODE0NDYzMzY1MzMwMjY5NTQwNDk2OTYxMjAxMTEzNDMwMTU2OTAyMzk2MDkzOTg5MDkwMjI2MjU5MzI2OTM1MDI1MjgxNDA5NjE0OTgzNDk5Mzg4MjIyODMxNDQ4NTk4NjAxODM0MzE4NTM2MjMwOTIzNzcyNjQxMzkwMjA5NDkwMjMxODM2NDQ2ODk5NjA4MjEwNzk1NDgyOTYzNzYzMDk0MjM2NjMwOTQ1NDEwODMyNzkzNzY5OTA1Mzk5OTgyNDU3MTg2MzIyOTQ0NzI5NjM2NDE4ODkwNjIzMzcyMTcxNzIzNzQyMTA1NjM2NDQwMzY4MjE4NDU5NjQ5NjMyOTQ4NTM4Njk2OTA1ODcyNjUwNDg2OTE0NDM0NjM3NDU3NTA3MjgwNDQxODIzNjc2ODEzNTE3ODUyMDk5MzQ4NjYwODQ3MTcyNTc5NDA4NDIyMzE2Njc4MDk3NjcwMjI0MDExOTkwMjgwMTcwNDc0ODk0NDg3NDI2OTI0NzQyMTA4ODIzNTM2ODA4NDg1MDcyNTAyMjQwNTE5NDUyNTg3NTQyODc1MzQ5OTc2NTU4NTcyNjcwMjI5NjMzOTYyNTc1MjEyNjM3NDc3ODk3Nzg1NTAxNTUyNjQ2NTIyNjA5OTg4ODY5OTE0MDEzNTQwNDgzODA5ODY1NjgxMjUwNDE5NDk3Njg2Njk3NzcwOTA2LDQ0NjA4NzU1NzE4Mzc1ODQyOTU3MTE1MTcwNjQwMjEwMTgwOTg4NjIwODYzMjQxMjg1OTkwMTExMTk5MTIxOTk2MzQwNDY4NTc5MjgyMDQ3MzM2OTExMjU0NTI2OTAwMzk4OTAyNjE1MzI0NTkzMTEyNDMxNjcwMjM5NTc1ODcwNTY5MzY3OTM2NDc5MDkwMzQ5NzQ2MTE0NzA3MTA2NTI1NDE5MzM1MzkzODEyNDk3ODIyNjMwNzk0NzMxMjQxMDc5ODg3NDg2OTA0MDA3MDI3OTMyODQyODgxMDMxMTc1NDg0NDEwODA5NDg3ODI1MjQ5NDg2Njc2MDk2OTU4Njk5ODEyODk4MjY0NTg3NzU5NjAyODk3OTE3MTUzNjk2MjUwMzA2ODQyOTYxNzMzMTcwMjE4NDc1MDMyNDU4MzAwOTE3MTgzMjEwNDkxNjA1MDE1NzYyODg4NjYwNjM3MjE0NTUwMTcwMjIyNTkyNTEyNTIyNDA3NjgyOTYwNTQyNzE3MzU3Mzk2NDgxMjk5NTI1MDU2OTQxMjQ4MDcyMDczODQ3Njg1NTI5MzY4MTY2NjcxMjg0NDgzMTE5MDg3NzYyMDYwNjc4NjY2Mzg2MjE5MDI0MDExODU3MDczNjgzMTkwMTg4NjQ3OTIyNTgxMDQxNDcxNDA3ODkzNTM4NjU2MjQ5Nzk2ODE3ODcyOTEyNzYyOTU5NDkyNDQxMTk2MDk2MTM4NjcxMzk0NjI3OTg5OTI3NTAwNjk1NDkxNzEzOTc1ODc5NjA2MTIyMzgwMzM5MzUzNzM4MTAzNDY2NjQ5NDQwMjk1MTA1MjA1OTA0Nzk2ODY5MzI1NTM4ODY0NzkzMDQ0MDkyNTEwNDE4NjgxNzAwOTY0MDE3MTc2NDEzMzE3MjQxODEzMjgzNjI1NiwyNTkxMTcwODYwMTMyMDI2Mjc3NzYyNDY3Njc5MjI0NDE1MzA5NDE4MTg4ODc1NTMxMjU0MjczMDM5NzQ5MjMxNjE4NzQwMTkyNjY1ODYzNjIwODYyMDEyMDk1MTY4MDA0ODM0MDY1NTA2OTUyNDE3MzMxOTQxNzc0NDE2ODk1MDkyMzg4MDcwMTc0MTAzNzc3MDk1OTc1MTIwNDIzMTMwNjY2MjQwODI5MTYzNTM1MTc5NTIzMTExODYxNTQ4NjIyNjU2MDQ1NDc2OTExMjc1OTU4NDg3NzU2MTA1Njg3NTc5MzExOTEwMTc3MTE0MDg4MjYyNTIxNTM4NDkwMzU4MzA0MDExODUwNzIxMTY0MjQ3NDc0NjE4MjMwMzE0NzEzOTgzNDAyMjkyODgwNzQ1NDU2Nzc5MDc5NDEwMzcyODgyMzU4MjA3MDU4OTIzNTEwNjg0MzM4ODI5ODY4ODg2MTY2NTg2NTAyODA5Mjc2OTIwODAzMzk2MDU4NjkzMDg3OTA1MDA0MDk1MDM3MDk4NzU5MDIxMTkwMTgzNzE5OTE2MjA5OTQwMDI1Njg5MzUxMTMxMzY1NDg4Mjk3MzkxMTI2NTY3OTczMDMyNDE5ODY1MTcyNTAxMTY0MTI3MDM1MDk3MDU0Mjc3NzM0Nzc5NzIzNDk4MjE2NzY0NDM0NDY2NjgzODMxMTkzMjI1NDAwOTk2NDg5OTQwNTE3OTAyNDE2MjQwNTY1MTkwNTQ0ODM2OTA4MDk2MTYwNjE2MjU3NDMwNDIzNjE3MjE4NjMzMzk0MTU4NTI0MjY0MzEyMDg3MzcyNjY1OTE5NjIwNjE3NTM1MzU3NDg4OTI4OTQ1OTk2MjkxOTUxODMwODI2MjE4NjA4NTM0MDA5Mzc5MzI4Mzk0MjAyNjE4NjY1ODYxNDI1MDMyNTE0NTA3NzMwOTYyNzQyMzUzNzY4MjI5Mzg2NDk0MDcxMjc3MDA4NDYwNzcxMjQyMTE4MjMwODA4MDQxMzkyOTgwODcwNTc1MDQ3MTM4MjUyNjQ1NzE0NDgzNzkzNzExMjUwMzIwODE4MjYxMjY1NjY2NDkwODQyNTE2OTk0NTM5NTE4ODc3ODk2MTM2NTAyNDg0MDU3MzkzNzg1OTQ1OTk0NDQzMzUyMzExODgyODAxMjM2NjA0MDYyNjI0Njg2MDkyMTIxNTAzNDk5Mzc1ODQ3ODIyOTIyMzcxNDQzMzk2Mjg4NTg0ODU5MzgyMTU3Mzg4MjEyMzIzOTM2ODcwNDYxNjA2NzczNjI5MDkzMTQ5NjgsMTkwNzk3MDA3NTI0NDM5MDczODA3NDY4MDQyOTY5NTI5MTczNjY5MzU2OTk0NzQ5OTQwMTc3Mzk0NzQxODgyNjczNTI4OTc5Nzg3MDA1MDUzNzA2MzY4MDQ5ODM1NTE0OTAwMjQ0MzAzNDk1OTU0OTUwNzA5NzI1NzYyMTg2MzExMjI0MTQ4ODI4ODExOTIwMjE2OTA0NTQyMjA2OTYwNzQ0NjY2MTY5MzY0MjIxMTk1Mjg5NTM4NDM2ODQ1MzkwMjUwMTY4NjYzOTMyODM4ODA1MTkyMDU1MTM3MTU0MzkwOTEyNjY2NTI3NTMzMDA3MzA5MjkyNjg3NTM5MDkyMjU3MDQzMzYyNTE3ODU3MzY2NjI0Njk5OTc1NDAyMzc1NDYyOTU0NDkwMjkzMjU5MjMzMzAzMTM3MzMwNjQzNTMxNTU2NTM5NzM5OTIxOTI2MjAxNDM4NjA2NDM5MDIwMDc1MTc0NzIzMDI5MDU2ODM4MjcyNTA1MDUxNTcxOTY3NTk0NjA4MzUwMDYzNDA0NDk1OTc3NjYwNjU2MjY5MDIwODIzOTYwODI1NTY3MDEyMzQ0MTg5OTA4OTI3OTU2NjQ2MDExOTk4MDU3OTg4NTQ4NjMwMTA3NjM3MzgwOTkzNTE5ODI2NTgyMzg5NzgxODg4MTM1NzA1NDA4NjUzMDQ1MjE5NjU1ODAxNzU4MDgxMjUxMTY0MDgwNTU0NjA5MDU3NDY4MDI4MjAzMzA4NzE4NzI0NjU0MDgxMDU1MzIzMjE1ODYwMTg5NjExMzkxMjk2MDMwNDcxMTA4NDQzMTQ2NzQ1NjcxOTY3NzY2MzA4OTI1ODU4NTQ3MjcxNTA3MzExNTYzNzY1MTcxMDA4MzE4MjQ4NjQ3MTEwMDk3NjE0ODkwMzEzNTYyODU2NTQxNzg0MTU0ODgxNzQzMTQ2MDMzOTA5NjAyNzM3OTQ3Mzg1MDU1MzU1OTYwMzMxODU1NjE0NTQwOTAwMDgxNDU2Mzc4NjU5MDY4MzcwMzE3MjY3Njk2OTgwMDAxMTg3NzUwOTk1NDkxMDkwMzUwMTA4NDE3MDUwOTE3OTkxNTYyMTY3OTcyMjgxMDcwMTYxMzA1OTcyNTE4MDQ0ODcyMDQ4MzMxMzA2MzgzNzE1MDk0ODU0OTM4NDE1NzM4NTQ5ODk0NjA2MDcwNzIyNTg0NzM3OTc4MTc2Njg2NDIyMTM0MzU0NTI2OTg5NDQzMDI4MzUzNjQ0MDM3MTg3Mzc1Mzg1Mzk3ODM4MjU5NTExODMzMTY2NDE2MTM0MzIzNjk1NjYwMzY3Njc2ODk3NzIyMjg3OTE4NzczNDIwOTY4OTgyMzI2MDg5MDI2MTUwMDMxNTE1NDI0MTY1NDYyMTExMzM3NTI3NDMxMTU0ODkwNjY2MzI3Mzc0OTIxNDQ2Mjc2ODMzNTY0NTE5Nzc2Nzk3NjMzODc1NTAzNTQ4NjY1MDkzOTE0NTU2NDgyMDMxNDgyMjQ4ODgzMTI3MDIzNzc3MDM5NjY3NzA3OTc2NTU5ODU3MzMzMzU3MDEzNzI3MzQyMDc5MDk5MDY0NDAwNDU1NzQxODMwNjU0MzIwMzc5MzUwODMzMjM2MjQ1ODE5MzQ4ODI0MDY0NzgzNTg1NjkyOTI0ODgxMDIxOTc4MzMyOTc0OTQ5OTA2MTIyNjY0NDIxMzc2MDM0Njg3ODE1MzUwNDg0ODgwLDI4NTU0MjU0MjIyODI3OTYxMzkwMTU2MzU2NjEwMjE2NDAwODMyNjE2NDIzODY0NDcwMjg4OTE5OTI0NzQ1NjYwMjI4NDQwMDM5MDYwMDY1Mzg3NTk1NDU3MTUwNTUzOTg0MzIzOTc1NDUxMzkxNTg5NjE1MDI5Nzg3ODM5OTM3NzA1NjA3MTQzNTE2OTc0NzIyMTEwNzk4ODc5MTE5ODIwMDk4ODQ3NzUzMTMzOTIxNDI4Mjc3MjAxNjA1OTAwOTkwNDU4NjY4NjI1NDk4OTA4NDgxNTczNTQyMjQ4MDQwOTAyMjM0NDI5NzU4ODM1MjUyNjAwNDM4Mzg5MDYzMjYxNjEyNDA3NjMxNzM4NzQxNjg4MTE0ODU5MjQ4NjE4ODM2MTg3MzkwNDE3NTc4MzE0NTY5NjAxNjkxOTU3NDM5MDc2NTU5ODI4MDE4ODU5OTAzNTU3ODQ0ODU5MTA3NzY4MzY3NzE3NTUyMDQzNDA3NDI4NzcyNjU3ODAwNjI2Njc1OTYxNTk3MDc1OTUyMTMyNzgyODU1NTY2Mjc4MTY3ODM4NTY5MTU4MTg0NDQzNjQ0NDgxMjUxMTU2MjQyODEzNjc0MjQ5MDQ1OTM2MzIxMjgxMDE4MDI3NjA5NjA4ODExMTQwMTAwMzM3NzU3MDM2MzU0NTcyNTEyMDkyNDA3MzY0NjkyMTU3Njc5NzE0NjE5OTM4NzYxOTI5NjU2MDMwMjY4MDI2MTc5MDExODEzMjkyNTAxMjMyMzA0NjQ0NDQzODYyMjMwODg3NzkyNDYwOTM3Mzc3MzAxMjQ4MTY4MTY3MjQyNDQ5MzY3NDQ3NDQ4ODUzNzc3MDE1NTc4MzAwNjg4MDg1MjY0ODE2MTUxMzA2NzE0NDgxNDc5MDI4ODM2NjY2NDA2MjI1NzI3NDY2NTI3NTc4NzEyNzM3NDY0OTIzMTA5NjM3NTAwMTE3MDkwMTg5MDc4NjI2MzMyNDYxOTU3ODc5NTczMTQyNTY5MzgwNTA3MzA1NjExOTY3NzU4MDMzODA4NDMzMzM4MTk4NzUwMDkwMjk2ODgzMTkzNTkxMzA5NTI2OTgyMTMxMTE0MTMyMjM5MzM1NjQ5MDE3ODQ4ODcyODk4MjI4ODE1NjI4MjYwMDgxMzgzMTI5NjE0MzY2Mzg0NTk0NTQzMTE0NDA0Mzc1MzgyMTU0Mjg3MTI3Nzc0NTYwNjQ0Nzg1ODU2NDE1OTIxMzMyODQ0MzU4MDIwNjQyMjcxNDY5NDkxMzA5MTc2MjcxNjQ0NzA0MTY4OTY3ODA3MDA5Njc3MzU5MDQyOTgwODkwOTYxNjc1MDQ1MjkyNzI1ODAwMDg0MzUwMDM0NDgzMTYyODI5NzA4OTkwMjcyODY0OTk4MTk5NDM4NzY0NzIzNDU3NDI3NjI2MzcyOTY5NDg0ODMwNDc1MDkxNzE3NDE4NjE4MTEzMDY4ODUxODc5Mjc0ODYyMjYxMjI5MzM0MTM2ODkyODA1NjYzNDM4NDQ2NjY0NjMyNjU3MjQ3NjE2NzI3NTY2MDgzOTEwNTY1MDUyODk3NTcxMzg5OTMyMDIxMTEyMTQ5NTc5NTMxMTQyNzk0NjI1NDU1MzMwNTM4NzA2NzgyMTA2NzYwMTc2ODc1MDk3Nzg2NjEwMDQ2MDAxNDYwMjEzODQwODQ0ODAyMTIyNTA1MzY4OTA1NDc5Mzc0MjAwMzA5NTcyMjA5NjczMjk1NDc1MDcyMTcxODExNTUzMTg3MTMxMDIzMTA1NzkwMjYwODU4MDQ5Niw0NzgyMjAyNzg4MDU0NjEyMDI5NTI4MzkyOTg2NjAwMDU5MDk3NDE0OTcxNzI0MDIyMzY1MDA4NTEzMzQ1MTA5OTE4Mzc4OTUwOTQyNjYyOTcwMjc4OTI3Njg2MTEyNzA3ODk0NTg2ODI0NzIwOTgxNTI0MjU2MzE5MzA2NTg1MDUyNjc2ODM0MDg3NDgwODM0NDI5NDMzMjY0Nzk3NDI1ODkzMjQ3NjIzNjg4MzMxMDIxNjMzMjA4OTU0ODQ3MzU0ODA1Nzk5OTQzMzQxMzA5ODI1OTg5MDEzNzQzODA2MTg3MTA5NTgxMDQzMTQ4NjgwODEzNzc4MzIxNTMwNDk2NzE1NjAxNTYzMjgyNjI0NDE0MDQwMzk4MTQzMjA3NjIyMDM2MjcyMTkwNDA4NTkwNzkwNTM3MjAzNDc1MjU2MTA1NTY0MDcxNTc5MjYzODY3ODc1MjQwOTg1NTczMzU2NTIyNjU2MTA4NTQyMTI4NTc3MzIxMDU3ODc5MDUyMzI4ODY1MDM1MzU1ODczNjE1Njc5MzYzNjU1ODg5OTI1NzExNTc0NDIwMTUzODMyMDkxNzUyNDIyODQzMDQ2OTE4ODExNDI3NDAwNjYyMTM1NTU5MzAzNTE2ODUzNzAzOTc2ODEyNjg2Mzg1NzUwMzc2MjI3Nzg3OTQ5NTgwNTgyMDgxODMxMjYxNzI1NzAxMDAzNDk4MjA2NTEyMzI5ODcyNjc3MjMzNDg5NTEwOTUzNDY5Mzc1NjgzMDM3MDM4MzczOTk5Njk2NzcxNTg1Nzg4OTA1NjM5MTE1NTIyNjEzNDA1NDk1NzA3MTg0NTI0MTU4MjE5MjA4MjIzNzY2NDQyMDU5MDE0NTkzMzMwNjU3MDA5NzIyMTUzOTYyMzc2ODUzNDIzNzcwNDg2MTM4NTc4MDg5Nzc1NjIxMzAxMTY3ODExMjk5MTY2NDA3MzYxNzQ2NjA2Njk3ODA4MTg2NzU3OTY2OTE0NjcxMjQ2MDczNzEyOTA0MjAwNTg4NDA4OTIzMTg2Mzg3NzM3ODg3Njc1MjkyODg2OTUzNzk3MDY2OTgwOTY3NDA2MDUzNTMwMTIyODUzNTM5MDM2OTY1NDkwMjI0Nzg0OTI0NjQ5MDA3OTU0ODk4Njc4NTAzMzE0NjU1NTQ2NDc1NTA0NTAxNjg2MTg3MzU0ODY2OTY0Mzc0NTUyNjE0MTIwNjQwNzgyOTQ5NjIyNDUyMDI3Nzg4OTYyMTM4NjAyNjY1OTMzMTQ3Njg3Njk2MzIyMDg5NTA0Mjc4NzkxNjI0NjUxNTE5MzEyMzI3ODMxNzU2NTUzNzc5Mzc3MTk0NTI0NjczMzk1ODE5MjgxNDg2NjY4NTc2Mzg0MDE5NTkwNzIwMTc5NDEzMzQ5NTgyOTcwMzE5MzkzODg0Mzg4ODEwNDk0NTQ2MDQwMzQyMDg3NTM2NTYzNjI4MzMyMTUyMDczMTgxNjE0MzAwNzIxNzY5MzcxNDI2MjM4NTE3NTQwNTIwODQ1MjE0NjY1MzEzMzAxMTgzNTUxOTYyNTkxODQ5NTU4OTM4NDk5MDI1MzQ4NzgwMzc2NzE2NDc3MDczOTMwNjM0NDM2ODQwMDg0NDY4MjU1OTM3NDQzNDUxNjkwMzE1OTk5MzQ5MTM3NjY0NjM4OTY4OTcyNjE0MTk5MDE1MzA0OTA2NTQ3ODE5MDU2MjI3MTcxMjI0OTQ3MDcwNzM5NzE2MzAwOTUzNzc1NzQzNDQxMzA3OTIwNTAxODYzNTMyMjM0NDY2NTQ1NjQ1Njk1Nzc0MzMxODg1MDQ0OTc4MjUwMTQ4NjYzNDY3MzcyMTMwMzkyMDk5ODk0ODUyMTQ1MTkwOTk4MjMyODc4NzcyNDg2NjUwNTEzMDEwODE2NzY5OTAyODkyNTE4NzE5MjUwMDY2OTQ3MjE1NzA2NTM2MjE2MjQ4Njk2MjQwNTY5MjU2ODY1NTU0Mjk2MjIxNTUyMjExNTYwNDI3Nzc4NjYyNTQ1OTM2OTk4ODAxMDcwMTg2MTYyNjAxNDc2NDc0MjkzNDU5ODMwMTgzNjUxMjczMzYzNDYyNzMyNjc1ODgzMDYwNzAxNDEwMzU5MjU0ODI5MTQ5Nzc0MzM5Mjk3MTczNjgwNzY1NjEwOTU5NTk5OTExMzA5MTg5Nzg4MjM4MzUwMTMxNjM1NjcyNjYxNDM1OTY5MjE4MjM5OTc3MTk2OTMzODc0Mzk1NDAzOTk2NjIzNjc1NTgwNTI4MjExMjA3MTM2Mzk2MzcwODU4MDU2MDUxMTYwNzgxNzcwOTg1NDUyNTc2OTg4MDMyMzMzODEyOTM5MjcyNzUyMTAxOTQ0NjI5NTI3NDkwMzEzODM1NTUxOTg1MTk3MDk1OTI4ODg1MjM2NDE1MzAxNzg5MjE4Njc1MTQxMDE0NTQxMjAzMDk2MTkxMjcwOTM0MzY5MDM5NTIyMDk4MjgwMzE3NjY4OTQyMDYxMzI1NTcyMzQ5NjQzNjM4NDAzMDU2NDg3MzQ5MjkwODg0MjIzNzg2MjkyODg3NDcyMjMxMjE5MDMyMzg1MjgxMDM0MDkxODI0MzA2NjE4OTQ3NzQwNzI3MjY1NTI0Mjg0ODkzMzA0NDc0ODYxNDU0OTQyMDc2Nzk5MDQxNzM5NDQ3MTY1ODM4MjgxNjcxNDEwNDM1ODMxMjA2NzkwNTAxOTE0NTI3MzI2Mjg3MzcwMzM5OTc0NzA3MjA2MDE2ODgyNTYyODI3NDA0MjcwMTcwMzIyNjA2NzI3OTgwMzQzNDc5MzI2NDI1NzMwMDkxODM5ODEzMDc3NzE5MzIyNDU1Mzk0NzYzOTYwNjA2NTg4MjE0MzI2NjAzMTU2MTQxNDkwNzQwNTU3Njk4MDU1MTY2MjYzMDQ0NDQ3NTgzNzU2NzExNTE2NDkwMTgxMTkzNDQyMjM2ODU5NDI0MTUxODQzNzk1Mzg5MzM1NzY1NDMyMTI5OTQ0MDU0ODU1MzQ1MTU1ODU5MjczNDI0NTYxODI1MTQ2ODEzNzE0NzIwNjA2Mjg3NzgxMDIxMjQwOTIzNzA4MDIxNDkyMjk4MzQ5NjM1MTc5NTI3MjcwMzAyOTYyOTcwMTU2OTI3Njg2NTExNjM1MDUwMDgwNDA3MjgyNjc0MjUyMzYyNjQ0Njk1NzEwNzY5NzY4ODY2MTM3MzAyNzg5MzEzNjA5Njc0MzgyNzE5MDE3Mzg1NTA4NDg0NjYzMzczNDc2MTIwODQzNTY3OTgzMDY1MDU5NTU4MDcyOTM1MTEwNjM3NTQ0MjQwODA3MzUwNjY3MDgyOTg3MjMzNzc5NzY4ODc0OTM4OTgzNTg0NTIzMDk1NjM4OTk2MTIwNjE2MzE4NjM0MzkxOTY3MTEyMDg2NDY0Mzg0NjQ5NDcwOTYzMjMwMDcyNzI5MjAwOTEyNTg2MTQ3MjY3OTk5NzYyNDk2NzA5ODUyNzY5NTAzNTM1NzMzOTI0NDE2MjAyNjU3NzIwNzQxMjQ4NjgzNTkyMjAyODI4OTgzMzExMTQwODMzOTIzMzAyNDMzOTE3Nzk3OTc2OTkwMzExNDI1ODQzNjE5MzUwOTM2NzU0NDgzODExMTk0NDA4ODEyNzYzMzg4MDg0MjA0NDUxODA0OTEyNDU0MzgzODg0MTgwODAwOTQ1Mjc1NjI2NjY4MDU3NjI4OTU0NzYzMzg0NjQxMzA1MTA3NzUzNzczMjQ3MDgyNDk1ODA0NTMzMzU1NzE3NDgxOTY1MDI1MDcwODE5NzMwNDY2NDIyODI2MTA1Njk3NTEwNTY0Mjg5Nzk4OTUxMTgyMTkyODg1OTc2MzUyMjI5MDUzODk4OTQ4NzM3NjE0NjQyMTM5OTEwOTExNTM1ODY0NTA1ODE4OTkyNjk2ODI2MjI1NzU0MDEx"
cipher = base64.b64decode(cipher_b64).decode().split(",")
def x(num):
if num > 1:
for i in range(2, num):
if (num % i) == 0:
return False
break
return True
else:
return False
def z(num):
return (2 ** num) - 1
print("flag{", end="")
while count < len(cipher):
if x(z(num)):
print(chr(int(cipher[count]) ^ z(num)), end="", flush=True)
count += 1
num += 1
print("}")
```
## Solution
For this challenge, we are given a python file named `decrypt.py`. When we run the code, we see that part of the flag is printed but it seems to be really slow in calculating and printing out the rest of the flag.
Let's take a look into the code and see if there are any ways to optimize and speed up the program. Starting from the top, we have two variables num and count both initialized to 0. Then, we are given the ciphertext which is a long string of base64 encoded bytes.
Following that, we have 2 functions. In function x, a variable num is passed as a parameter. We see that the function only returns true if num is larger than 1 and is not divisible by any number between 2 and num-1. We can recognize this as a function which checks whether num is prime or not. Next, we have a function z. A variable num is passed as a parameter and the function returns 2<sup>num</sup>-1.
At the end, the flag is printed. We see that count keeps track of the number of characters we have gone through and will determine the length of the flag. The variable num is constantly incremented and passed as a parameter. We recognize from our previous analysis of the two functions that `x(z(num))` is equivalent to `x(2<sup>num</sup>-1)` which is equivalent to whether `2<sup>num</sup>-1` is prime or not. If it is prime, then the next character in the flag is the xor of the ciphertext and 2<sup>num</sup>-1 and count is increased.
Now that we know how the flag is built, we can do some research on these unique prime numbers and see if there are any efficient algorithms to generate the next prime number that is one less than a power of two. If we just search that on Google, we discover a that these numbers are called [Mersenne Primes](https://en.wikipedia.org/wiki/Mersenne_prime).
According to Wikipedia, "in mathematics, a Mersenne prime is a prime number that is one less than a power of two. That is, it is a prime number of the form M<sub>n</sub> = 2<sup>n</sup> − 1 for some integer n. They are named after Marin Mersenne, a French Minim friar, who studied them in the early 17th century." Looking deeper into the article, we learn that "as of August 2020, 51 Mersenne primes are known." Another useful piece of information is that each Mersenne prime 2<sup>*p*</sup>-1 has a corresponding Mersenne exponent *p*.
For the purpose of the CTF, I assumed that the flag was shorter than 50 characters and did not require us to find any more Mersenne primes. (It took over 20 years for the massive distributed computing project Great Internet Mersenne Prime Search to discover the 35th to 51st Mersenne primes. To solve such a challenge within the 48 hours of a CTF would be a massive improvement on the current algorithms.)
Here is the [OEIS entry for Mersenne primes](https://oeis.org/A000668) and here is the [OEIS entry for Mersenne exponents](https://oeis.org/A000043). The OEIS entry for Mersenne primes only contains 12 entries so we'll use Mersenne exponents instead. We can create an array storing all the Mersenne exponents and then take the xor of it with the corresponding elements of the cipher. The variable num is no longer needed, as well as functions x and z.
Here is our final code:
```
import base64
count = 0
cipher_b64 = b"MTEwLDEwNCwxMDksMjYsODA5NiwxMzA5NTksNTI0MTczLDIxNDc0ODM1NDIsMjMwNTg0MzAwOTIxMzY5Mzg0Miw2MTg5NzAwMTk2NDI2OTAxMzc0NDk1NjIwMTAsMTYyMjU5Mjc2ODI5MjEzMzYzMzkxNTc4MDEwMjg4MDEyLDE3MDE0MTE4MzQ2MDQ2OTIzMTczMTY4NzMwMzcxNTg4NDEwNTYzMiw2ODY0Nzk3NjYwMTMwNjA5NzE0OTgxOTAwNzk5MDgxMzkzMjE3MjY5NDM1MzAwMTQzMzA1NDA5Mzk0NDYzNDU5MTg1NTQzMTgzMzk3NjU2MDUyMTIyNTU5NjQwNjYxNDU0NTU0OTc3Mjk2MzExMzkxNDgwODU4MDM3MTIxOTg3OTk5NzE2NjQzODEyNTc0MDI4MjkxMTE1MDU3MDQyLDUzMTEzNzk5MjgxNjc2NzA5ODY4OTU4ODIwNjU1MjQ2ODYyNzMyOTU5MzExNzcyNzAzMTkyMzE5OTQ0NDEzODIwMDQwMzU1OTg2MDg1MjI0MjczOTE2MjUwMjI2NTIyOTI4NTY2ODg4OTMyOTQ4NjI0NjUwMTAxNTM0NjU3OTMzNzY1MjcwNzIzOTQwOTUxOTk3ODc2NjU4NzM1MTk0MzgzMTI3MDgzNTM5MzIxOTAzMTcyODAxNiwxMDQwNzkzMjE5NDY2NDM5OTA4MTkyNTI0MDMyNzM2NDA4NTUzODYxNTI2MjI0NzI2NjcwNDgwNTMxOTExMjM1MDQwMzYwODA1OTY3MzM2MDI5ODAxMjIzOTQ0MTczMjMyNDE4NDg0MjQyMTYxMzk1NDI4MTAwNzc5MTM4MzU2NjI0ODMyMzQ2NDkwODEzOTkwNjYwNTY3NzMyMDc2MjkyNDEyOTUwOTM4OTIyMDM0NTc3MzE4MzM0OTY2MTU4MzU1MDQ3Mjk1OTQyMDU0NzY4OTgxMTIxMTY5MzY3NzE0NzU0ODQ3ODg2Njk2MjUwMTM4NDQzODI2MDI5MTczMjM0ODg4NTMxMTE2MDgyODUzODQxNjU4NTAyODI1NTYwNDY2NjIyNDgzMTg5MDkxODgwMTg0NzA2ODIyMjIwMzE0MDUyMTAyNjY5ODQzNTQ4ODczMjk1ODAyODg3ODA1MDg2OTczNjE4NjkwMDcxNDcyMDcxMDU1NTcwMzE2ODcyODk3MywxNDc1OTc5OTE1MjE0MTgwMjM1MDg0ODk4NjIyNzM3MzgxNzM2MzEyMDY2MTQ1MzMzMTY5Nzc1MTQ3NzcxMjE2NDc4NTcwMjk3ODc4MDc4OTQ5Mzc3NDA3MzM3MDQ5Mzg5Mjg5MzgyNzQ4NTA3NTMxNDk2NDgwNDc3MjgxMjY0ODM4NzYwMjU5MTkxODE0NDYzMzY1MzMwMjY5NTQwNDk2OTYxMjAxMTEzNDMwMTU2OTAyMzk2MDkzOTg5MDkwMjI2MjU5MzI2OTM1MDI1MjgxNDA5NjE0OTgzNDk5Mzg4MjIyODMxNDQ4NTk4NjAxODM0MzE4NTM2MjMwOTIzNzcyNjQxMzkwMjA5NDkwMjMxODM2NDQ2ODk5NjA4MjEwNzk1NDgyOTYzNzYzMDk0MjM2NjMwOTQ1NDEwODMyNzkzNzY5OTA1Mzk5OTgyNDU3MTg2MzIyOTQ0NzI5NjM2NDE4ODkwNjIzMzcyMTcxNzIzNzQyMTA1NjM2NDQwMzY4MjE4NDU5NjQ5NjMyOTQ4NTM4Njk2OTA1ODcyNjUwNDg2OTE0NDM0NjM3NDU3NTA3MjgwNDQxODIzNjc2ODEzNTE3ODUyMDk5MzQ4NjYwODQ3MTcyNTc5NDA4NDIyMzE2Njc4MDk3NjcwMjI0MDExOTkwMjgwMTcwNDc0ODk0NDg3NDI2OTI0NzQyMTA4ODIzNTM2ODA4NDg1MDcyNTAyMjQwNTE5NDUyNTg3NTQyODc1MzQ5OTc2NTU4NTcyNjcwMjI5NjMzOTYyNTc1MjEyNjM3NDc3ODk3Nzg1NTAxNTUyNjQ2NTIyNjA5OTg4ODY5OTE0MDEzNTQwNDgzODA5ODY1NjgxMjUwNDE5NDk3Njg2Njk3NzcwOTA2LDQ0NjA4NzU1NzE4Mzc1ODQyOTU3MTE1MTcwNjQwMjEwMTgwOTg4NjIwODYzMjQxMjg1OTkwMTExMTk5MTIxOTk2MzQwNDY4NTc5MjgyMDQ3MzM2OTExMjU0NTI2OTAwMzk4OTAyNjE1MzI0NTkzMTEyNDMxNjcwMjM5NTc1ODcwNTY5MzY3OTM2NDc5MDkwMzQ5NzQ2MTE0NzA3MTA2NTI1NDE5MzM1MzkzODEyNDk3ODIyNjMwNzk0NzMxMjQxMDc5ODg3NDg2OTA0MDA3MDI3OTMyODQyODgxMDMxMTc1NDg0NDEwODA5NDg3ODI1MjQ5NDg2Njc2MDk2OTU4Njk5ODEyODk4MjY0NTg3NzU5NjAyODk3OTE3MTUzNjk2MjUwMzA2ODQyOTYxNzMzMTcwMjE4NDc1MDMyNDU4MzAwOTE3MTgzMjEwNDkxNjA1MDE1NzYyODg4NjYwNjM3MjE0NTUwMTcwMjIyNTkyNTEyNTIyNDA3NjgyOTYwNTQyNzE3MzU3Mzk2NDgxMjk5NTI1MDU2OTQxMjQ4MDcyMDczODQ3Njg1NTI5MzY4MTY2NjcxMjg0NDgzMTE5MDg3NzYyMDYwNjc4NjY2Mzg2MjE5MDI0MDExODU3MDczNjgzMTkwMTg4NjQ3OTIyNTgxMDQxNDcxNDA3ODkzNTM4NjU2MjQ5Nzk2ODE3ODcyOTEyNzYyOTU5NDkyNDQxMTk2MDk2MTM4NjcxMzk0NjI3OTg5OTI3NTAwNjk1NDkxNzEzOTc1ODc5NjA2MTIyMzgwMzM5MzUzNzM4MTAzNDY2NjQ5NDQwMjk1MTA1MjA1OTA0Nzk2ODY5MzI1NTM4ODY0NzkzMDQ0MDkyNTEwNDE4NjgxNzAwOTY0MDE3MTc2NDEzMzE3MjQxODEzMjgzNjI1NiwyNTkxMTcwODYwMTMyMDI2Mjc3NzYyNDY3Njc5MjI0NDE1MzA5NDE4MTg4ODc1NTMxMjU0MjczMDM5NzQ5MjMxNjE4NzQwMTkyNjY1ODYzNjIwODYyMDEyMDk1MTY4MDA0ODM0MDY1NTA2OTUyNDE3MzMxOTQxNzc0NDE2ODk1MDkyMzg4MDcwMTc0MTAzNzc3MDk1OTc1MTIwNDIzMTMwNjY2MjQwODI5MTYzNTM1MTc5NTIzMTExODYxNTQ4NjIyNjU2MDQ1NDc2OTExMjc1OTU4NDg3NzU2MTA1Njg3NTc5MzExOTEwMTc3MTE0MDg4MjYyNTIxNTM4NDkwMzU4MzA0MDExODUwNzIxMTY0MjQ3NDc0NjE4MjMwMzE0NzEzOTgzNDAyMjkyODgwNzQ1NDU2Nzc5MDc5NDEwMzcyODgyMzU4MjA3MDU4OTIzNTEwNjg0MzM4ODI5ODY4ODg2MTY2NTg2NTAyODA5Mjc2OTIwODAzMzk2MDU4NjkzMDg3OTA1MDA0MDk1MDM3MDk4NzU5MDIxMTkwMTgzNzE5OTE2MjA5OTQwMDI1Njg5MzUxMTMxMzY1NDg4Mjk3MzkxMTI2NTY3OTczMDMyNDE5ODY1MTcyNTAxMTY0MTI3MDM1MDk3MDU0Mjc3NzM0Nzc5NzIzNDk4MjE2NzY0NDM0NDY2NjgzODMxMTkzMjI1NDAwOTk2NDg5OTQwNTE3OTAyNDE2MjQwNTY1MTkwNTQ0ODM2OTA4MDk2MTYwNjE2MjU3NDMwNDIzNjE3MjE4NjMzMzk0MTU4NTI0MjY0MzEyMDg3MzcyNjY1OTE5NjIwNjE3NTM1MzU3NDg4OTI4OTQ1OTk2MjkxOTUxODMwODI2MjE4NjA4NTM0MDA5Mzc5MzI4Mzk0MjAyNjE4NjY1ODYxNDI1MDMyNTE0NTA3NzMwOTYyNzQyMzUzNzY4MjI5Mzg2NDk0MDcxMjc3MDA4NDYwNzcxMjQyMTE4MjMwODA4MDQxMzkyOTgwODcwNTc1MDQ3MTM4MjUyNjQ1NzE0NDgzNzkzNzExMjUwMzIwODE4MjYxMjY1NjY2NDkwODQyNTE2OTk0NTM5NTE4ODc3ODk2MTM2NTAyNDg0MDU3MzkzNzg1OTQ1OTk0NDQzMzUyMzExODgyODAxMjM2NjA0MDYyNjI0Njg2MDkyMTIxNTAzNDk5Mzc1ODQ3ODIyOTIyMzcxNDQzMzk2Mjg4NTg0ODU5MzgyMTU3Mzg4MjEyMzIzOTM2ODcwNDYxNjA2NzczNjI5MDkzMTQ5NjgsMTkwNzk3MDA3NTI0NDM5MDczODA3NDY4MDQyOTY5NTI5MTczNjY5MzU2OTk0NzQ5OTQwMTc3Mzk0NzQxODgyNjczNTI4OTc5Nzg3MDA1MDUzNzA2MzY4MDQ5ODM1NTE0OTAwMjQ0MzAzNDk1OTU0OTUwNzA5NzI1NzYyMTg2MzExMjI0MTQ4ODI4ODExOTIwMjE2OTA0NTQyMjA2OTYwNzQ0NjY2MTY5MzY0MjIxMTk1Mjg5NTM4NDM2ODQ1MzkwMjUwMTY4NjYzOTMyODM4ODA1MTkyMDU1MTM3MTU0MzkwOTEyNjY2NTI3NTMzMDA3MzA5MjkyNjg3NTM5MDkyMjU3MDQzMzYyNTE3ODU3MzY2NjI0Njk5OTc1NDAyMzc1NDYyOTU0NDkwMjkzMjU5MjMzMzAzMTM3MzMwNjQzNTMxNTU2NTM5NzM5OTIxOTI2MjAxNDM4NjA2NDM5MDIwMDc1MTc0NzIzMDI5MDU2ODM4MjcyNTA1MDUxNTcxOTY3NTk0NjA4MzUwMDYzNDA0NDk1OTc3NjYwNjU2MjY5MDIwODIzOTYwODI1NTY3MDEyMzQ0MTg5OTA4OTI3OTU2NjQ2MDExOTk4MDU3OTg4NTQ4NjMwMTA3NjM3MzgwOTkzNTE5ODI2NTgyMzg5NzgxODg4MTM1NzA1NDA4NjUzMDQ1MjE5NjU1ODAxNzU4MDgxMjUxMTY0MDgwNTU0NjA5MDU3NDY4MDI4MjAzMzA4NzE4NzI0NjU0MDgxMDU1MzIzMjE1ODYwMTg5NjExMzkxMjk2MDMwNDcxMTA4NDQzMTQ2NzQ1NjcxOTY3NzY2MzA4OTI1ODU4NTQ3MjcxNTA3MzExNTYzNzY1MTcxMDA4MzE4MjQ4NjQ3MTEwMDk3NjE0ODkwMzEzNTYyODU2NTQxNzg0MTU0ODgxNzQzMTQ2MDMzOTA5NjAyNzM3OTQ3Mzg1MDU1MzU1OTYwMzMxODU1NjE0NTQwOTAwMDgxNDU2Mzc4NjU5MDY4MzcwMzE3MjY3Njk2OTgwMDAxMTg3NzUwOTk1NDkxMDkwMzUwMTA4NDE3MDUwOTE3OTkxNTYyMTY3OTcyMjgxMDcwMTYxMzA1OTcyNTE4MDQ0ODcyMDQ4MzMxMzA2MzgzNzE1MDk0ODU0OTM4NDE1NzM4NTQ5ODk0NjA2MDcwNzIyNTg0NzM3OTc4MTc2Njg2NDIyMTM0MzU0NTI2OTg5NDQzMDI4MzUzNjQ0MDM3MTg3Mzc1Mzg1Mzk3ODM4MjU5NTExODMzMTY2NDE2MTM0MzIzNjk1NjYwMzY3Njc2ODk3NzIyMjg3OTE4NzczNDIwOTY4OTgyMzI2MDg5MDI2MTUwMDMxNTE1NDI0MTY1NDYyMTExMzM3NTI3NDMxMTU0ODkwNjY2MzI3Mzc0OTIxNDQ2Mjc2ODMzNTY0NTE5Nzc2Nzk3NjMzODc1NTAzNTQ4NjY1MDkzOTE0NTU2NDgyMDMxNDgyMjQ4ODgzMTI3MDIzNzc3MDM5NjY3NzA3OTc2NTU5ODU3MzMzMzU3MDEzNzI3MzQyMDc5MDk5MDY0NDAwNDU1NzQxODMwNjU0MzIwMzc5MzUwODMzMjM2MjQ1ODE5MzQ4ODI0MDY0NzgzNTg1NjkyOTI0ODgxMDIxOTc4MzMyOTc0OTQ5OTA2MTIyNjY0NDIxMzc2MDM0Njg3ODE1MzUwNDg0ODgwLDI4NTU0MjU0MjIyODI3OTYxMzkwMTU2MzU2NjEwMjE2NDAwODMyNjE2NDIzODY0NDcwMjg4OTE5OTI0NzQ1NjYwMjI4NDQwMDM5MDYwMDY1Mzg3NTk1NDU3MTUwNTUzOTg0MzIzOTc1NDUxMzkxNTg5NjE1MDI5Nzg3ODM5OTM3NzA1NjA3MTQzNTE2OTc0NzIyMTEwNzk4ODc5MTE5ODIwMDk4ODQ3NzUzMTMzOTIxNDI4Mjc3MjAxNjA1OTAwOTkwNDU4NjY4NjI1NDk4OTA4NDgxNTczNTQyMjQ4MDQwOTAyMjM0NDI5NzU4ODM1MjUyNjAwNDM4Mzg5MDYzMjYxNjEyNDA3NjMxNzM4NzQxNjg4MTE0ODU5MjQ4NjE4ODM2MTg3MzkwNDE3NTc4MzE0NTY5NjAxNjkxOTU3NDM5MDc2NTU5ODI4MDE4ODU5OTAzNTU3ODQ0ODU5MTA3NzY4MzY3NzE3NTUyMDQzNDA3NDI4NzcyNjU3ODAwNjI2Njc1OTYxNTk3MDc1OTUyMTMyNzgyODU1NTY2Mjc4MTY3ODM4NTY5MTU4MTg0NDQzNjQ0NDgxMjUxMTU2MjQyODEzNjc0MjQ5MDQ1OTM2MzIxMjgxMDE4MDI3NjA5NjA4ODExMTQwMTAwMzM3NzU3MDM2MzU0NTcyNTEyMDkyNDA3MzY0NjkyMTU3Njc5NzE0NjE5OTM4NzYxOTI5NjU2MDMwMjY4MDI2MTc5MDExODEzMjkyNTAxMjMyMzA0NjQ0NDQzODYyMjMwODg3NzkyNDYwOTM3Mzc3MzAxMjQ4MTY4MTY3MjQyNDQ5MzY3NDQ3NDQ4ODUzNzc3MDE1NTc4MzAwNjg4MDg1MjY0ODE2MTUxMzA2NzE0NDgxNDc5MDI4ODM2NjY2NDA2MjI1NzI3NDY2NTI3NTc4NzEyNzM3NDY0OTIzMTA5NjM3NTAwMTE3MDkwMTg5MDc4NjI2MzMyNDYxOTU3ODc5NTczMTQyNTY5MzgwNTA3MzA1NjExOTY3NzU4MDMzODA4NDMzMzM4MTk4NzUwMDkwMjk2ODgzMTkzNTkxMzA5NTI2OTgyMTMxMTE0MTMyMjM5MzM1NjQ5MDE3ODQ4ODcyODk4MjI4ODE1NjI4MjYwMDgxMzgzMTI5NjE0MzY2Mzg0NTk0NTQzMTE0NDA0Mzc1MzgyMTU0Mjg3MTI3Nzc0NTYwNjQ0Nzg1ODU2NDE1OTIxMzMyODQ0MzU4MDIwNjQyMjcxNDY5NDkxMzA5MTc2MjcxNjQ0NzA0MTY4OTY3ODA3MDA5Njc3MzU5MDQyOTgwODkwOTYxNjc1MDQ1MjkyNzI1ODAwMDg0MzUwMDM0NDgzMTYyODI5NzA4OTkwMjcyODY0OTk4MTk5NDM4NzY0NzIzNDU3NDI3NjI2MzcyOTY5NDg0ODMwNDc1MDkxNzE3NDE4NjE4MTEzMDY4ODUxODc5Mjc0ODYyMjYxMjI5MzM0MTM2ODkyODA1NjYzNDM4NDQ2NjY0NjMyNjU3MjQ3NjE2NzI3NTY2MDgzOTEwNTY1MDUyODk3NTcxMzg5OTMyMDIxMTEyMTQ5NTc5NTMxMTQyNzk0NjI1NDU1MzMwNTM4NzA2NzgyMTA2NzYwMTc2ODc1MDk3Nzg2NjEwMDQ2MDAxNDYwMjEzODQwODQ0ODAyMTIyNTA1MzY4OTA1NDc5Mzc0MjAwMzA5NTcyMjA5NjczMjk1NDc1MDcyMTcxODExNTUzMTg3MTMxMDIzMTA1NzkwMjYwODU4MDQ5Niw0NzgyMjAyNzg4MDU0NjEyMDI5NTI4MzkyOTg2NjAwMDU5MDk3NDE0OTcxNzI0MDIyMzY1MDA4NTEzMzQ1MTA5OTE4Mzc4OTUwOTQyNjYyOTcwMjc4OTI3Njg2MTEyNzA3ODk0NTg2ODI0NzIwOTgxNTI0MjU2MzE5MzA2NTg1MDUyNjc2ODM0MDg3NDgwODM0NDI5NDMzMjY0Nzk3NDI1ODkzMjQ3NjIzNjg4MzMxMDIxNjMzMjA4OTU0ODQ3MzU0ODA1Nzk5OTQzMzQxMzA5ODI1OTg5MDEzNzQzODA2MTg3MTA5NTgxMDQzMTQ4NjgwODEzNzc4MzIxNTMwNDk2NzE1NjAxNTYzMjgyNjI0NDE0MDQwMzk4MTQzMjA3NjIyMDM2MjcyMTkwNDA4NTkwNzkwNTM3MjAzNDc1MjU2MTA1NTY0MDcxNTc5MjYzODY3ODc1MjQwOTg1NTczMzU2NTIyNjU2MTA4NTQyMTI4NTc3MzIxMDU3ODc5MDUyMzI4ODY1MDM1MzU1ODczNjE1Njc5MzYzNjU1ODg5OTI1NzExNTc0NDIwMTUzODMyMDkxNzUyNDIyODQzMDQ2OTE4ODExNDI3NDAwNjYyMTM1NTU5MzAzNTE2ODUzNzAzOTc2ODEyNjg2Mzg1NzUwMzc2MjI3Nzg3OTQ5NTgwNTgyMDgxODMxMjYxNzI1NzAxMDAzNDk4MjA2NTEyMzI5ODcyNjc3MjMzNDg5NTEwOTUzNDY5Mzc1NjgzMDM3MDM4MzczOTk5Njk2NzcxNTg1Nzg4OTA1NjM5MTE1NTIyNjEzNDA1NDk1NzA3MTg0NTI0MTU4MjE5MjA4MjIzNzY2NDQyMDU5MDE0NTkzMzMwNjU3MDA5NzIyMTUzOTYyMzc2ODUzNDIzNzcwNDg2MTM4NTc4MDg5Nzc1NjIxMzAxMTY3ODExMjk5MTY2NDA3MzYxNzQ2NjA2Njk3ODA4MTg2NzU3OTY2OTE0NjcxMjQ2MDczNzEyOTA0MjAwNTg4NDA4OTIzMTg2Mzg3NzM3ODg3Njc1MjkyODg2OTUzNzk3MDY2OTgwOTY3NDA2MDUzNTMwMTIyODUzNTM5MDM2OTY1NDkwMjI0Nzg0OTI0NjQ5MDA3OTU0ODk4Njc4NTAzMzE0NjU1NTQ2NDc1NTA0NTAxNjg2MTg3MzU0ODY2OTY0Mzc0NTUyNjE0MTIwNjQwNzgyOTQ5NjIyNDUyMDI3Nzg4OTYyMTM4NjAyNjY1OTMzMTQ3Njg3Njk2MzIyMDg5NTA0Mjc4NzkxNjI0NjUxNTE5MzEyMzI3ODMxNzU2NTUzNzc5Mzc3MTk0NTI0NjczMzk1ODE5MjgxNDg2NjY4NTc2Mzg0MDE5NTkwNzIwMTc5NDEzMzQ5NTgyOTcwMzE5MzkzODg0Mzg4ODEwNDk0NTQ2MDQwMzQyMDg3NTM2NTYzNjI4MzMyMTUyMDczMTgxNjE0MzAwNzIxNzY5MzcxNDI2MjM4NTE3NTQwNTIwODQ1MjE0NjY1MzEzMzAxMTgzNTUxOTYyNTkxODQ5NTU4OTM4NDk5MDI1MzQ4NzgwMzc2NzE2NDc3MDczOTMwNjM0NDM2ODQwMDg0NDY4MjU1OTM3NDQzNDUxNjkwMzE1OTk5MzQ5MTM3NjY0NjM4OTY4OTcyNjE0MTk5MDE1MzA0OTA2NTQ3ODE5MDU2MjI3MTcxMjI0OTQ3MDcwNzM5NzE2MzAwOTUzNzc1NzQzNDQxMzA3OTIwNTAxODYzNTMyMjM0NDY2NTQ1NjQ1Njk1Nzc0MzMxODg1MDQ0OTc4MjUwMTQ4NjYzNDY3MzcyMTMwMzkyMDk5ODk0ODUyMTQ1MTkwOTk4MjMyODc4NzcyNDg2NjUwNTEzMDEwODE2NzY5OTAyODkyNTE4NzE5MjUwMDY2OTQ3MjE1NzA2NTM2MjE2MjQ4Njk2MjQwNTY5MjU2ODY1NTU0Mjk2MjIxNTUyMjExNTYwNDI3Nzc4NjYyNTQ1OTM2OTk4ODAxMDcwMTg2MTYyNjAxNDc2NDc0MjkzNDU5ODMwMTgzNjUxMjczMzYzNDYyNzMyNjc1ODgzMDYwNzAxNDEwMzU5MjU0ODI5MTQ5Nzc0MzM5Mjk3MTczNjgwNzY1NjEwOTU5NTk5OTExMzA5MTg5Nzg4MjM4MzUwMTMxNjM1NjcyNjYxNDM1OTY5MjE4MjM5OTc3MTk2OTMzODc0Mzk1NDAzOTk2NjIzNjc1NTgwNTI4MjExMjA3MTM2Mzk2MzcwODU4MDU2MDUxMTYwNzgxNzcwOTg1NDUyNTc2OTg4MDMyMzMzODEyOTM5MjcyNzUyMTAxOTQ0NjI5NTI3NDkwMzEzODM1NTUxOTg1MTk3MDk1OTI4ODg1MjM2NDE1MzAxNzg5MjE4Njc1MTQxMDE0NTQxMjAzMDk2MTkxMjcwOTM0MzY5MDM5NTIyMDk4MjgwMzE3NjY4OTQyMDYxMzI1NTcyMzQ5NjQzNjM4NDAzMDU2NDg3MzQ5MjkwODg0MjIzNzg2MjkyODg3NDcyMjMxMjE5MDMyMzg1MjgxMDM0MDkxODI0MzA2NjE4OTQ3NzQwNzI3MjY1NTI0Mjg0ODkzMzA0NDc0ODYxNDU0OTQyMDc2Nzk5MDQxNzM5NDQ3MTY1ODM4MjgxNjcxNDEwNDM1ODMxMjA2NzkwNTAxOTE0NTI3MzI2Mjg3MzcwMzM5OTc0NzA3MjA2MDE2ODgyNTYyODI3NDA0MjcwMTcwMzIyNjA2NzI3OTgwMzQzNDc5MzI2NDI1NzMwMDkxODM5ODEzMDc3NzE5MzIyNDU1Mzk0NzYzOTYwNjA2NTg4MjE0MzI2NjAzMTU2MTQxNDkwNzQwNTU3Njk4MDU1MTY2MjYzMDQ0NDQ3NTgzNzU2NzExNTE2NDkwMTgxMTkzNDQyMjM2ODU5NDI0MTUxODQzNzk1Mzg5MzM1NzY1NDMyMTI5OTQ0MDU0ODU1MzQ1MTU1ODU5MjczNDI0NTYxODI1MTQ2ODEzNzE0NzIwNjA2Mjg3NzgxMDIxMjQwOTIzNzA4MDIxNDkyMjk4MzQ5NjM1MTc5NTI3MjcwMzAyOTYyOTcwMTU2OTI3Njg2NTExNjM1MDUwMDgwNDA3MjgyNjc0MjUyMzYyNjQ0Njk1NzEwNzY5NzY4ODY2MTM3MzAyNzg5MzEzNjA5Njc0MzgyNzE5MDE3Mzg1NTA4NDg0NjYzMzczNDc2MTIwODQzNTY3OTgzMDY1MDU5NTU4MDcyOTM1MTEwNjM3NTQ0MjQwODA3MzUwNjY3MDgyOTg3MjMzNzc5NzY4ODc0OTM4OTgzNTg0NTIzMDk1NjM4OTk2MTIwNjE2MzE4NjM0MzkxOTY3MTEyMDg2NDY0Mzg0NjQ5NDcwOTYzMjMwMDcyNzI5MjAwOTEyNTg2MTQ3MjY3OTk5NzYyNDk2NzA5ODUyNzY5NTAzNTM1NzMzOTI0NDE2MjAyNjU3NzIwNzQxMjQ4NjgzNTkyMjAyODI4OTgzMzExMTQwODMzOTIzMzAyNDMzOTE3Nzk3OTc2OTkwMzExNDI1ODQzNjE5MzUwOTM2NzU0NDgzODExMTk0NDA4ODEyNzYzMzg4MDg0MjA0NDUxODA0OTEyNDU0MzgzODg0MTgwODAwOTQ1Mjc1NjI2NjY4MDU3NjI4OTU0NzYzMzg0NjQxMzA1MTA3NzUzNzczMjQ3MDgyNDk1ODA0NTMzMzU1NzE3NDgxOTY1MDI1MDcwODE5NzMwNDY2NDIyODI2MTA1Njk3NTEwNTY0Mjg5Nzk4OTUxMTgyMTkyODg1OTc2MzUyMjI5MDUzODk4OTQ4NzM3NjE0NjQyMTM5OTEwOTExNTM1ODY0NTA1ODE4OTkyNjk2ODI2MjI1NzU0MDEx"
cipher = base64.b64decode(cipher_b64).decode().split(",")
me = [2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127, 521, 607, 1279, 2203, 2281, 3217, 4253, 4423, 9689, 9941, 11213, 19937, 21701, 23209, 44497, 86243, 110503, 132049, 216091, 756839, 859433, 1257787, 1398269, 2976221, 3021377, 6972593, 13466917, 20996011, 24036583, 25964951, 30402457, 32582657, 37156667, 42643801, 43112609]
print("flag{", end="")
while count < len(cipher):
print(chr(int(cipher[count]) ^ 2**me[count]-1), end="", flush=True)
count += 1
print("}")
```
Running this program finds the flag in under a second.
## Flag
`flag{more_primes_more_good}`