TLDR:

Flag embedded in a qr code

Image is split into two new images, using random.getrandbits() to encode the image into two shares

We only get the second share, which is useless as share 1 is essentially an information theoretic one time pad on it to get back to source image.

We can attack the randomness as they used the inbuilt PRG, which is crackable given 624\*32 bits.

Last 48\*444 pixels in image are white, which we use to recover Mersene twister state, and break PRG, giving full random stream.

Use this to reconstruct original image

Full writeup available here: [https://github.com/blatchley/CTF_Writeups/tree/master/2020/N1CTF/Crypto-VSS](https://github.com/blatchley/CTF_Writeups/tree/master/2020/N1CTF/Crypto-VSS)

Original writeup (https://github.com/blatchley/CTF_Writeups/tree/master/2020/N1CTF/Crypto-VSS).