I use recursive relation
enc[n+1] = (enc[n] + msg[n] + key[n])%128
Note that last bytes of message are filled with flag, so this gives another relation (after inlining key_len and pipe_offset)
msg[n%13 + 22] = key[n%13]
Using this I start with given pipe character and perform jumping through the bytes of key. Thankfully, key_len
and pipe_offset
are coprime, so jumping doesn't mean falling into a small cycle. Therefore all bytes will be restored.