SekaiCTF 2026 - Cryptography Writeup: oneline6ryp7o

Introduction

    A few days ago, I participated in SekaiCTF 2026, a Jeopardy-style CTF competition, together with my teammate under Echelon Obscura. Despite competing as a team of only two players, we finished 178th out of 926 teams, a result we were particularly happy with considering both the difficulty of the event and the level of competition.

    During the competition, I primarily focused on the Cryptography, Reverse Engineering and Blockchain categories. The event featured a wide variety of well-designed challenges ranging from elegant mathematical puzzles to implementation vulnerabilities and interesting reverse engineering problems. Several of these challenges stood out not only because they required solid technical knowledge but also because they rewarded careful observation and a methodical approach rather than brute force.

    As with my previous writeup series, this series aims to document the complete solving process behind the challenges I tackled. Instead of simply presenting the final exploit or solver, I will walk through the reasoning process, the observations that guided the analysis, the mathematical concepts involved where applicable and the steps that ultimately led to the solution. My goal is for these writeups to be useful not only for readers looking for the solution but also for anyone interested in understanding why the attacks work.

    In this post, we will take a look at oneline6ryp7o, an elegant cryptography challenge that consisted of nothing more than a single line of Python. Although it initially appeared to be an exercise in deciphering Python syntax, the real challenge lay in recognizing the mathematical properties hidden behind the code.

Challenge Overview

    Unlike most cryptography challenges, oneline6ryp7o did not provide a downloadable attachment or a remote service to interact with. Instead, the challenge consisted solely of the following description and a single line of Python code. The provided description was:

how hard can six seven be

assert import(’re’).match(‘SEKAI{[67]{67}}$’,flag:=input()) and not int.from_bytes(flag.encode())%~(6+~7)**67

    At first glance, the challenge appears more like a Python code-golf exercise than a cryptography problem. The entire verification logic is compressed into a single statement and makes use of Python-specific features such as the walrus operator (:=), the bitwise complement operator (~) and several compact expressions that make the code intentionally difficult to read.

    As with any challenge, the first step is to understand exactly what the verification code is checking. The assertion consists of two separate conditions joined by the logical and operator. Both conditions must therefore evaluate to True for the supplied flag to be accepted.

    The first condition is relatively straightforward:

__import__('re').match('SEKAI{[67]{67}}$', flag := input())

    This regular expression enforces the expected flag format. More specifically, it requires that the flag:

• starts with the prefix SEKAI{},
• contains exactly 67 characters between the braces,
• uses only the characters '6' and '7',
• and ends with the closing brace }.

    In other words, the unknown portion of the flag is a 67-character string over the alphabet {6, 7}.

    Although restricting each position to only two possible values significantly reduces the search space compared to arbitrary printable characters, a brute-force solution is still completely impractical. Since every one of the 67 positions has two possible choices, the total number of candidate strings is 2^67, which is approximately 1.48 * 10^20 possibilities.

    The second part of the assertion is considerably more interesting:

not int.from_bytes(flag.encode()) % ~(6 + ~7) ** 67

    Since the expression is wrapped inside the logical not operator, the modulo operation must evaluate to zero. Consequently, the challenge requires the integer representation of the entire flag to be exactly divisible by the value produced by the expression ~(6 + ~7) ** 67. At first sight this expression appears rather cryptic. However, after simplifying it, the underlying mathematical structure of the challenge begins to emerge.

Simplifying the Hidden Modulus

    The expression ~(6 + ~7) ** 67 looks intentionally confusing at first glance. Fortunately, Python’s bitwise complement operator follows a simple rule for integers:

~x = -x - 1

    With this in mind, we can evaluate the expression step by step. First, we compute the inner complement ~7, which evaluates to -8. Therefore, 6 + ~7 becomes -2. Raising this value to the 67th power gives (-2)^67 = -(2^67), because the exponent is odd. Finally, applying the bitwise complement once more gives ~(-(2^67)) = 2^67 - 1. The original assertion can therefore be rewritten into a much simpler form:

assert int.from_bytes(flag.encode()) % (2**67 - 1) == 0

    This reveals the actual objective of the challenge. We need to construct a valid flag whose byte representation, interpreted as one large integer, is divisible by 2^67 - 1. At this point, the challenge starts looking much more like a cryptography problem than a Python puzzle. However, one important question still remains unanswered.

    Why did the challenge author specifically choose exactly 67 unknown characters, an alphabet consisting only of 6 and 7 and the modulus 2^67 - 1? As it turns out, these three choices are tightly connected. Understanding this relationship is the key observation that transforms the challenge from an impossible brute-force search into a straightforward mathematical problem.

The Key Observation

    After simplifying the modulus, the condition becomes:

int.from_bytes(flag.encode()) % (2**67 - 1) == 0

    The flag body contains exactly 67 characters and each character is either 6 or 7. This gives us a useful way to model the unknown part of the flag. The important ASCII values are:

ord('6') = 54
ord('7') = 55

    So 7 is simply 6 + 1. This means that we can first imagine a base flag where all unknown characters are 6:

SEKAI{6666666666666666666666666666666666666666666666666666666666666666666}

    Then, every position that should actually be a 7 can be treated as adding 1 to the corresponding byte. In other words, instead of trying to brute force the whole flag directly, we only need to decide which of the 67 positions should receive this extra +1.

    Since the flag is converted to an integer using int.from_bytes(flag.encode()), each byte contributes according to its position in the string. Moving one byte to the left is equivalent to multiplying by 256. Therefore, changing one character from 6 to 7 adds a power of 256 to the final integer. So the problem becomes:

base_flag_integer + selected_powers_of_256 must be divisible by 2^67 - 1

    This is where the choice of the number 67 becomes important. Since 256 = 2^8 and the modulus is 2^67 - 1, we know that 2^67 = 1 modulo (2^67 - 1). As a result, powers of 256 wrap around nicely modulo 2^67 - 1. Because there are exactly 67 unknown characters, the 67 possible character positions line up with 67 powers of 256 modulo this Mersenne number.

    This turns the challenge into a much smaller problem. Instead of brute forcing 2^67 complete strings blindly, we can compute exactly which powers of 256 need to be selected so that the final integer becomes divisible by 2^67 - 1.

    That is the main trick of the challenge. The alphabet {6, 7}, the length 67 and the modulus 2^67 - 1 were not random choices. They were carefully selected so that the unknown flag characters could be treated as binary decisions.

Implementing the Solution

    With the mathematical foundation established, implementing the solver becomes much more straightforward. Rather than searching through the enormous space of possible flag candidates, we can directly model the problem using the observations from the previous section.

    The implementation begins by constructing the base flag, where every unknown character is initially set to 6. This allows us to compute the integer representation of the flag and determine its remainder modulo 2^67 - 1. Next, we calculate the contribution of every character position when replacing a 6 with a 7. Since int.from_bytes() interprets the flag as a big-endian integer, each position contributes a different power of 256 to the final value.

    Using these contributions, we build the mathematical model described previously. Each unknown character is represented by a single binary variable, where 0 indicates that the character remains 6 and 1 indicates that it should be replaced with 7. Solving this system immediately reveals the unique combination of positions that satisfies the divisibility requirement.

    Finally, the recovered binary solution is used to reconstruct the flag by replacing the corresponding characters in the base string. Once the substitutions have been applied, the resulting flag satisfies both the regular expression and the modular arithmetic condition imposed by the challenge.

Getting the Flag

    Putting all the pieces together, the complete solver is shown below:

import re

MOD = (1 << 67) - 1

prefix = b"SEKAI{"
suffix = b"}"
body_len = 67

base_body = b"6" * body_len
base_flag = prefix + base_body + suffix
base = int.from_bytes(base_flag)

target = (-base) % MOD

flag_body = ["6"] * body_len
flag_len = len(base_flag)

for i in range(body_len):
    byte_index = len(prefix) + i
    exponent = flag_len - byte_index - 1

    weight = pow(256, exponent, MOD)

    if target & weight:
        flag_body[i] = "7"

flag = "SEKAI{" + "".join(flag_body) + "}"
print(flag)

    Executing the script produces the following output:

$ python solve.py
SEKAI{6777676667666666677676776776777766777777777776777767777776677666666}

    To verify the solution, we can simply substitute the recovered flag into the original assertion provided by the challenge.

flag = "SEKAI{6777676667666666677676776776777766777777777776777767777776677666666}"

assert __import__('re').match(
    'SEKAI{[67]{67}}$',
    flag
) and not int.from_bytes(flag.encode()) % ~(6 + ~7) ** 67

    The assertion succeeds without raising an exception, confirming that the recovered value is indeed the correct flag.

Conclusion

    The oneline6ryp7o was an elegant challenge that demonstrated how a seemingly cryptic one-liner can conceal a well-designed mathematical problem. Although the verification code initially appeared difficult to interpret because of its compact Python syntax and use of bitwise operators, simplifying the expression quickly revealed that the real challenge revolved around modular arithmetic rather than Python itself.

    The key observation was recognizing that restricting the flag characters to only 6 and 7 effectively transformed the unknown portion of the flag into a sequence of binary decisions. Combined with the properties of the Mersenne modulus 2^67 - 1, this allowed the problem to be modeled mathematically instead of relying on brute force, reducing an infeasible search over approximately 1.48 * 10^20 candidates to a deterministic computation.

    I particularly enjoyed this challenge because it combined Python-specific quirks with elegant number theory in a very compact form. It is a great example of how understanding the underlying mathematics often matters far more than the amount of code involved and it serves as a reminder that even a single line of Python can hide a surprisingly clever cryptographic puzzle.