The following code and the outputs was given. It seems that the flag is encrypted with random numbers. We can get the upper k bits of two consecutive values, named w0 and w1. We can get the flag when the prediction of pseudo random numbers can be achieved using these.
Let over and be the nbits. Then and are given by the following equations.
Here and are unknown quantities. If they are found, we can expect the pseudo random sequences. Expanding , we get further
Thus, we get the following equation
where are suitable constants (They are explicitly depend on know parameters).
For easy understanding, the equation is written as a congruence in integers.
Now, , and therefore we can believe that required roots are found by Coppersmith's method.
Here is the flag zer0pts{is_blum_blum_shub_safe?}