tl;dr: generate constraints, use Z3 to solve

Full writeup: https://github.com/p4-team/ctf/tree/master/2017-09-02-tokyo/crypto_simple