Rating:

Tldr;

We can use the attack from part 1 to recover the seed, but how do we get the shared key without knowing anything about bob's secret?

1. Notice that bitcoin hashes have lots of leading zeroes, so the Rng(bitcoin hash) getbits will return 0
2. Search through the bitcoin blockchain for a hash where Rng(hash - 2) getbits(512) is a prime
3. After recovering the seed, flip alice's seed to that hash, and force alice's secret to be 0
4. Now the shared secret must be 1336

Original writeup (https://ubcctf.github.io/2020/11/dragonctf2020-bitflips/).