Assume

assume for the sake of contradiction that pet the catloe

Here’s the sage source:

1
import random
2
import ast
3
import sys
4

5
p = random_prime(2^64-1, False, 2^63)
6
print(p)
7
R = Integers(p)
8

9
def gen_rand_string(n):
10
    return "".join([chr(random.randint(65, 90)) for _ in range(n)])
11

12
g = mod(primitive_root(p), p)
13
target_str = open("flag.txt").readline()
14

15
#print(target_str)
16

17
open("target.txt","w+").write(target_str)
18

19
def send_msg(sender, recipient, content):
20
    print(f"{sender} {recipient} {content}")
21

22
for pos in range(len(target_str)):
23
    fixed_eve = gen_rand_string(1)
24
    for iter in range(20):
25
        a = random.randint(1, p-1)
26
        b = random.randint(1, p-1)
27
        send_msg("Alice", "Bob", g^a)
28
        send_msg("Bob", "Alice", b)
29
        send_msg("Bob", "Alice", g^b)
30
        if random.randint(1, 2) == 1:
31
            # interception occurs
32
            c = random.randint(1, p-1)
33
            send_msg("Alice", "Bob", fixed_eve)
34
            send_msg("Alice", "Bob", g^c)
35
        else:
36
            send_msg("Alice", "Bob", target_str[pos])
37
            send_msg("Alice", "Bob", g^(a * b))
38
        print()
39

40
def input_with_timeout(prompt, timeout):
41
    sys.stdout.write(prompt)
42
    sys.stdout.flush()
43
    ready, _, _ = select.select([sys.stdin], [], [], timeout)
44
    if ready:
45
        return sys.stdin.readline().rstrip('\n')
46
    raise Exception
47

48

49
try:
50
    answer = input_with_timeout('', 20)
51
    try:
52
        answer = ast.literal_eval(answer)
53
        if target_str == answer:
54
            print(":o")
55
            print(flag)
56
        else:
57
            print("im upset")
58
    except Exception as e:
59
        print("im very upset")
60
except Exception as e:
61
    print("\nyou've let me down :(")

If you take a look a the following section, you might notice something strange:

1
for pos in range(len(target_str)):
2
    fixed_eve = gen_rand_string(1)
3
    for iter in range(20):
4
        a = random.randint(1, p-1)
5
        b = random.randint(1, p-1)
6
        send_msg("Alice", "Bob", g^a)
7
        send_msg("Bob", "Alice", b)
8
        send_msg("Bob", "Alice", g^b)
9
        if random.randint(1, 2) == 1:
10
            # interception occurs
11
            c = random.randint(1, p-1)
12
            send_msg("Alice", "Bob", fixed_eve)
13
            send_msg("Alice", "Bob", g^c)
14
        else:
15
            send_msg("Alice", "Bob", target_str[pos])
16
            send_msg("Alice", "Bob", g^(a * b))
17
        print()

So, 50% of the time, it will print the byte of the flag at that position, and otherwise, it will print a capital letter. So… the flag is probably just the non-capital letter bytes in sequence?

The answer is yes. This is not a real crypto problem. Just go through the log.txt file and note the bytes that aren’t capital letters to get the flag:

1
tjctf{legendary_legendre0xd5109ab3}