Rating:

```
#!/usr/bin/env python2

import os
import pwn
from Crypto.Util.number import long_to_bytes

p = 160634950613302858781995506902938412625377360249559915379491492274326359260806831823821711441204122060415286351711411013883400510041411782176467940678464161205204391247137689678794367049197824119717278923753940984084059450704378828123780678883777306239500480793044460796256306557893061457956479624163771194201
g = 2

if __name__ == '__main__':
if 'REMOTE' in os.environ:
r = pwn.remote('ppc2.chal.ctf.westerns.tokyo', 28459)
else:
r = pwn.process('./server.py')

flag = 0

r.sendline(hex(0))
ini = int(r.readline().strip(), 16)
for n in range(p.bit_length()):
r.sendline(hex(1 << n))
c = int(r.readline().strip(), 16)
if ini == (c * pow(g, 1 << n, p)) % p:
flag += (1 << n)
prev = c
print(n)

print(flag)
print(long_to_bytes(flag))
```

Original writeup (https://gist.github.com/enedil/d2eef0213165cc3a3ea68fdbc43f7686).